Skip to content

AspNetMvc header exposes version information

Description

The target website returns AspNet headers along with version information of this website. By exposing these values attackers may attempt to identify if the target software is vulnerable to known vulnerabilities. Or catalog known sites running particular versions to exploit in the future when a vulnerability is identified in the particular version.

Remediation

To remove the X-AspNetMvc-Version information set MvcHandler.DisableMvcResponseHeader = true; in the Global.asax.cs file in the Application_Start() method.

protected void Application_Start()
{
    MvcHandler.DisableMvcResponseHeader = true;
}

Details

ID Aggregated CWE Type Risk
16.6 true 16 Passive Low

Links