PT-2001-2137 · Microsoft · Index Server

Published 2001-09-14 · Updated 2017-12-19 · CVE-2001-0986

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Index Server 2.0

Description

Remote attackers can obtain sensitive information, including the physical path, file attributes, or portions of source code, by calling the SQLQHit.asp sample file directly with the CiScope parameter set to a value such as webinfo, extended fileinfo, extended webinfo, or fileinfo.

Recommendations

For Microsoft Index Server 2.0, consider restricting access to the SQLQHit.asp sample file so that it cannot be called directly with sensitive CiScope values until a fix is available. As a temporary workaround, avoid using the CiScope parameter with values that could expose sensitive information.
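
A log check to accompany the recommendation above, added here as an example and not part of the original advisory: it scans IIS W3C extended log lines for requests to SQLQHit.asp whose CiScope is one of the values the description names. The log lines, the `/PLACEHOLDER/` directory, the client addresses and the benign `/docs` scope are constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote

# CiScope values the advisory names as exposing information.
SENSITIVE_SCOPES = {"webinfo", "fileinfo", "extended webinfo", "extended fileinfo"}

# Constructed sample log; /PLACEHOLDER/ stands in for the real sample directory.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-09-15 10:01:02 192.0.2.10 GET /PLACEHOLDER/SQLQHit.asp CiScope=webinfo 200
2001-09-15 10:01:05 192.0.2.10 GET /PLACEHOLDER/sqlqhit.asp ciscope=extended+fileinfo 200
2001-09-15 10:02:00 198.51.100.7 GET /PLACEHOLDER/SQLQHit.asp CiScope=/docs 200
2001-09-15 10:03:00 198.51.100.7 GET /default.asp - 200
"""

def parse_w3c(lines):
    """Yield one dict per request, mapping names from the #Fields header to values."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def is_sqlqhit_probe(record):
    """True when the request hits SQLQHit.asp with a CiScope value listed above."""
    stem = unquote(record.get("cs-uri-stem", "")).lower()  # IIS paths are case-insensitive
    if not stem.endswith("/sqlqhit.asp"):
        return False
    query = record.get("cs-uri-query", "-")
    if query == "-":  # W3C logs write "-" for an empty query string
        return False
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes %20 and "+" so "extended+webinfo" compares correctly.
        if name.lower() == "ciscope" and " ".join(value.lower().split()) in SENSITIVE_SCOPES:
            return True
    return False

def find_probes(lines):
    """Return (client IP, raw query) for every matching request."""
    return [(r.get("c-ip"), r.get("cs-uri-query"))
            for r in parse_w3c(lines) if is_sqlqhit_probe(r)]

if __name__ == "__main__":
    for ip, query in find_probes(SAMPLE_LOG.splitlines()):
        print(f"SQLQHit.asp information-disclosure request from {ip}: {query}")
```
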


Related Identifiers

CVE-2001-0986

Affected Products

Index Server