CVE-2001-0986 Information

Description

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path file attributes or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo (2) extended_fileinfo (3) extended_webinfo or (4) fileinfo.

Reference

http://www.securityfocus.com/archive/1/214217 http://www.securityfocus.com/bid/3339 https://exchange.xforce.ibmcloud.com/vulnerabilities/7125