| Details | |
|---|---|
| Alert ID | 10061 |
| Alert Type | Passive |
| Status | release |
| Risk | Low |
| CWE | 933 |
| WASC | 14 |
| Technologies Targeted | All |
| Tags |
CWE-933 OWASP_2017_A06 OWASP_2021_A05 WSTG-V42-INFO-08 |
| More Info |
Scan Rule Help |
Summary
Server leaks information via “X-AspNet-Version”/“X-AspNetMvc-Version” HTTP response header field(s).
Solution
Configure the server so it will not return those headers.Other Info
An attacker can use this information to exploit known vulnerabilities.References
- https://www.troyhunt.com/shhh-dont-let-your-response-headers/
- https://blogs.msdn.microsoft.com/varunm/2013/04/23/remove-unwanted-http-response-headers/