Description

The HTTP responses returned by this web application include a header named X-AspNetMvc-Version. The value of this header disclose the version of ASP.NET MVC in use. It is not necessary for production sites and should be disabled.

Remediation

To remove the X-AspNetMvc-Version header add the following code in Global.asax, in the Application Start event: 

MvcHandler.DisableMvcResponseHeader = true;

References

MvcHandler.DisableMvcResponseHeader Property

Related Vulnerabilities

WordPress Plugin Theme Editor Arbitrary File Download (2.5)

WordPress Plugin Stop User Enumeration User Enumeration (1.3.8)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-15132)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5497)

Unrestricted access to Prometheus Metrics

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure