Description
The HTTP responses returned by this web application include anheader named X-AspNet-Version. The value of this header is used by Visual Studio to determine which version of ASP.NET is in use. It is not necessary for production sites and should be disabled.
Remediation
Apply the following changes to the web.config file to prevent ASP.NET version disclosure:
<System.Web> <httpRuntime enableVersionHeader="false" /> </System.Web>
References
Related Vulnerabilities
WordPress Plugin Email newsletter 'option' Parameter Information Disclosure (8.0)
Unrestricted access to Haproxy Data Plane API
WordPress Plugin IgniteUp-Coming Soon and Maintenance Mode Multiple Vulnerabilities (3.4)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5610)