ASP.NET Version Disclosure
Impact: Informational
Description
The presence of the X-AspNet-Version
and X-AspNetMvc-Version
headers exposes the version of ASP.NET used by the web server, providing valuable information to attackers. This disclosure can aid attackers in identifying vulnerabilities and planning their attacks more effectively.
Recommendation
To mitigate this issue:
- To remove the
X-AspNet-Version
header, add the following line in yourweb.config
within the<system.web>
section:
<httpRuntime enableVersionHeader="false" />
- To remove the
X-AspNetMvc-Version
header, add the following line inGlobal.asax
:
MvcHandler.DisableMvcResponseHeader = true;
References
👉 You might also like:
PHP Version Disclosure - Vulnerability
Apache Version Disclosure - Vulnerability
Nginx Version Disclosure - Vulnerability
Server Version Disclosure - Vulnerability
Last updated on May 13, 2024