ASP.NET Version Disclosure

Impact: Informational

Description

The presence of the X-AspNet-Version and X-AspNetMvc-Version headers exposes the version of ASP.NET used by the web server, providing valuable information to attackers. This disclosure can aid attackers in identifying vulnerabilities and planning their attacks more effectively.

Recommendation

To mitigate this issue:

To remove the X-AspNet-Version header, add the following line in your web.config within the <system.web> section:

<httpRuntime enableVersionHeader="false" />

To remove the X-AspNetMvc-Version header, add the following line in Global.asax:

MvcHandler.DisableMvcResponseHeader = true;

References

CWE-16
CWE-200
Microsoft: Remove Server Header
OWASP 2021-A5
OWASP: Web Server Security

👉 You might also like:

PHP Version Disclosure - Vulnerability

Apache Version Disclosure - Vulnerability

Nginx Version Disclosure - Vulnerability

Server Version Disclosure - Vulnerability

Last updated on May 13, 2024

ASP.NET Version Disclosure

Description

Recommendation

References

Use SmartScanner Free version to test for this issue