Description

The HTTP responses returned by this web application include a header named X-AspNetMvc-Version. The value of this header disclose the version of ASP.NET MVC in use. It is not necessary for production sites and should be disabled.

Remediation

To remove the X-AspNetMvc-Version header add the following code in Global.asax, in the Application Start event: 

MvcHandler.DisableMvcResponseHeader = true;

References

MvcHandler.DisableMvcResponseHeader Property

Related Vulnerabilities

WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2)

WordPress Plugin Aspose PDF Exporter Arbitrary File Download (1.0)

WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8)

WordPress Plugin Gallery by BestWebSoft Arbitrary File Disclosure (3.8.3)

WordPress Plugin Stop User Enumeration User Enumeration (1.3.8)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure