| |
Vulnerability CVE-2001-0986
Published: 2001-09-14 Modified: 2012-02-12
| Description: |
SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo. |
Type:
CWE-Other
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
http://www.securityfocus.com/archive/1/214217
http://www.securityfocus.com/bid/3339
https://exchange.xforce.ibmcloud.com/vulnerabilities/7125
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
