HTTP: IIS SQLQHit.asp Information Disclosure
This signature detects attempts to exploit a known vulnerability in Microsoft Index Server 2.0. Attackers can manipulate the SQLQHit sample Active Server Page on a Microsoft IIS server to obtain system files, source code for other ASP files, and other potentially sensitive information.
Extended Description
The sqlqhit.asp sample file is used for performing web-based SQL queries. Malicious users could send specifically crafted HTTP request to an Internet Information Services server running Index Server to reveal path information, file attributes, and possibly some lines of the file contents. The sqlqhit.asp file is located in the \inetpub\iissamples\ISSamples\ folder and is installed by default.
Affected Products
Microsoft index_server
Short Name
HTTP:IIS:INDEX-SERVER-SQLQHIT
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2001-0986 Disclosure IIS Information SQLQHit.asp bid:3339
Release Date
05/08/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
5.0