Last post Sep 20, 2020 08:07 PM by JessSimms1
Sep 09, 2020 11:09 AM|JessSimms1|LINK
I have a standard C# MVC project it is live and we have an open bug bounty program, a user has mentioned we are showing a Version information leak using headers, as in they can see:
They have said:
"The version of aspnet is leaked. Which will help attacker to find vulnerable CVEs and exploit the vulnerability"
I should be aiming to not show this, I have my site hosted with an external company so my question is how do I not show this to external users? Any know thanks in advance :)
Sep 10, 2020 07:46 AM|Sean Fang|LINK
Add this to web.config (In the root of your project) to get rid of the X-AspNet-Version header:
<httpRuntime enableVersionHeader="false" />
Besides, you might be bothered by other unexpected headers:
<remove name="X-Powered-By" />
Hope this can help you.
Sep 20, 2020 08:07 PM|JessSimms1|LINK
Will close this I think as our site
is externally hosted and we aren't able to configure the webservers to solve this anyway, many thanks