exploitDog

CVE-2001-0986

Опубликовано: 14 сент. 2001

Источник: nvd

CVSS2: 5

EPSS Высокий

Описание

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.

Ссылки

http://www.securityfocus.com/archive/1/214217
Patch
Vendor Advisory
http://www.securityfocus.com/bid/3339
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7125
http://www.securityfocus.com/archive/1/214217
Patch
Vendor Advisory
http://www.securityfocus.com/bid/3339
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7125

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microsoft:index_server:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.7406

Высокий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-rwh7-p7fv-r943

github

больше 3 лет назад

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.

EPSS

Процентиль: 99%

0.7406

Высокий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other