ASP.NET Version Disclosure

Impact: Informational

Description

The X-AspNet-Version and X-AspNetMvc-Version headers reveal the version of ASP.NET used by the webserver. This information exposes the server to attackers. Using the information in this header, attackers can find vulnerabilities easier.

Recommendation

To remove the X-AspNet-Version header, add the following line in your web.config in the <system.web> section.

<httpRuntime enableVersionHeader="false" />

To remove the X-AspNetMvc-Version header, add the below line in Global.asax

MvcHandler.DisableMvcResponseHeader = true;

References

CWE-200
OWASP 2007-A6
OWASP 2021-A1
OWASP 2017-A6
OWASP 2021-A5
CWE-16

👉 You might also like:

PHP Version Disclosure - Vulnerability

Apache Version Disclosure - Vulnerability

Nginx Version Disclosure - Vulnerability

Server Version Disclosure - Vulnerability

Last updated on September 06, 2021

ASP.NET Version Disclosure

Description

Recommendation

References

Use SmartScanner Free version to test for this issue