ASP.NET Version Disclosure
Impact: Informational
Description
The X-AspNet-Version
and X-AspNetMvc-Version
headers reveal the version of ASP.NET used by the webserver. This information exposes the server to attackers. Using the information in this header, attackers can find vulnerabilities easier.
Recommendation
To remove the X-AspNet-Version
header, add the following line in your web.config
in the <system.web>
section.
<httpRuntime enableVersionHeader="false" />
To remove the X-AspNetMvc-Version
header, add the below line in Global.asax
MvcHandler.DisableMvcResponseHeader = true;
References
👉 You might also like:
PHP Version Disclosure - Vulnerability
Apache Version Disclosure - Vulnerability
Nginx Version Disclosure - Vulnerability
Server Version Disclosure - Vulnerability
Last updated on September 06, 2021