Vulnerability Details : CVE-2001-0986
SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
Exploit prediction scoring system (EPSS) score for CVE-2001-0986
Probability of exploitation activity in the next 30 days: 95.78%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2001-0986
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2001-0986
-
http://www.securityfocus.com/archive/1/214217
Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/7125
-
http://www.securityfocus.com/bid/3339
Exploit;Vendor Advisory
Products affected by CVE-2001-0986
- cpe:2.3:a:microsoft:index_server:2.0:*:*:*:*:*:*:*