Overview
A vulnerability exists in the way that Index Server 2.0 and the Indexing Service for Windows 2000 handles search requests. This vulnerability may alllow attackers to view the contents of "include" files located on the web server.
Description
By submitting a specific search request to a system running Index Server 2.0 or Indexing Service for Windows 2000, a remote attacker may be able to read the contents of "include" files located on the server. While "include" files should not contain sensitive information, if they did, this vulnerability might expose that data to attackers. This vulnerability is a variant of the problem described in Microsoft Security Bulletin MS00-006. |
Impact
A remote attacker can view the contents of "include" files located on a vulnerable web server. |
Solution
Apply a Patch |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to David Litchfield of @Stake for discovering this vulnerability.
This document was written by Cory F. Cohen.
Other Information
| CVE IDs: | CVE-2001-0245 |
| Severity Metric: | 3.83 |
| Date Public: | 2001-05-10 |
| Date First Published: | 2002-09-27 |
| Date Last Updated: | 2002-09-27 17:41 UTC |
| Document Revision: | 11 |