Description

The HTTP responses returned by this web application include anheader named X-AspNet-Version. The value of this header is used by Visual Studio to determine which version of ASP.NET is in use. It is not necessary for production sites and should be disabled.

Remediation

Apply the following changes to the web.config file to prevent ASP.NET version disclosure: 

<System.Web>
 <httpRuntime enableVersionHeader="false" />
</System.Web>

References

HttpRuntimeSection.EnableVersionHeader Property

Related Vulnerabilities

Contact Form Email Information Disclosure (1.2.66)

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.4)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1607)

VikBooking Hotel Booking Engine & PMS Multiple Vulnerabilities (1.5.3)

Ubiquiti Unifi Log4Shell RCE

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Tags

Information Disclosure