Microsoft Index Server — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Index Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2001-0500 — CVSS 10.0 (critical): Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote…
CVE-1999-1011 — CVSS 10.0 (critical): The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods…
CVE-2001-0244 — CVSS 7.5 (high): Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
CVE-1999-1397 — CVSS 7.5 (high): Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose…
CVE-2001-0245 — CVSS 5.0 (medium): Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include…
CVE-2001-0986 — CVSS 5.0 (medium): SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path…
CVE-2000-0097 — CVSS 5.0 (medium): The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting…
CVE-2000-0098 — CVSS 5.0 (medium): Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file…
CVE-2000-0302 — CVSS 5.0 (medium): Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile…