本頁列出影響 microsoft index_server 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2001-0986 | SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo. | [email protected] | 5.0 | 48.16% | 2001-09-14 | 2026-06-16 |
| CVE-2001-0500 | Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. | [email protected] | 10.0 | 96.73% | 2001-07-21 | 2026-06-16 |
| CVE-2001-0245 | Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability. | [email protected] | 5.0 | 14.35% | 2001-06-27 | 2026-06-16 |
| CVE-2001-0244 | Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter. | [email protected] | 7.5 | 14.73% | 2001-06-27 | 2026-06-16 |
| CVE-2000-0302 | Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL. | [email protected] | 5.0 | 78.43% | 2000-03-31 | 2026-06-16 |
| CVE-2000-0098 | Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist. | [email protected] | 5.0 | 48.54% | 2000-01-26 | 2026-06-16 |
| CVE-2000-0097 | The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability. | [email protected] | 5.0 | 35.88% | 2000-01-26 | 2026-06-16 |
| CVE-1999-1011 | The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. | [email protected] | 10.0 | 77.14% | 1999-07-19 | 2026-06-16 |
| CVE-1999-1397 | Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed. | [email protected] | 7.5 | 11.70% | 1999-03-23 | 2026-06-16 |