Version Disclosure (ASP.NET MVC) - Vulnerability Database

Version Disclosure (ASP.NET MVC)

Description

This web application returns an X-AspNetMvc-Version HTTP response header that discloses the specific version of the ASP.NET MVC framework in use. This header serves no functional purpose in production environments and provides unnecessary technical information to potential attackers. Version disclosure can aid attackers in identifying known vulnerabilities specific to the detected framework version.

Remediation

Disable the X-AspNetMvc-Version header by setting the DisableMvcResponseHeader property to true in your application's Global.asax file. Add the following code within the Application_Start() method:

protected void Application_Start()
{
    // MvcHandler is defined in the System.Web.Mvc namespace.
    // Stop the framework from adding X-AspNetMvc-Version to responses.
    MvcHandler.DisableMvcResponseHeader = true;
    // Other application startup code...
}

After implementing this change, redeploy the application and verify that the X-AspNetMvc-Version header no longer appears in HTTP responses. This configuration change has no impact on application functionality and is recommended for all production environments.
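
A post-deployment check for the verification step above, as an added example that is not part of the original page: it parses HTTP responses and reports every path that still returns X-AspNetMvc-Version. The sample responses, their paths and the 5.2 value are constructed for illustration, and live_version takes a host and path that you supply.

```python
import http.client
import io

HEADER = "X-AspNetMvc-Version"

def disclosed_version(raw_response: bytes):
    """Return the header's value from a raw HTTP response, or None if absent."""
    fp = io.BytesIO(raw_response)
    fp.readline()                            # consume the status line
    headers = http.client.parse_headers(fp)  # header names match case-insensitively
    value = headers.get(HEADER)
    return value.strip() if value is not None else None

def audit(responses: dict) -> dict:
    """Map each path that still discloses a version to the value it sent."""
    findings = {}
    for path, raw in responses.items():
        version = disclosed_version(raw)
        if version is not None:
            findings[path] = version
    return findings

def live_version(host: str, path: str, timeout: float = 10.0):
    """Same check against a deployed site; host and path are the caller's own."""
    conn = http.client.HTTPSConnection(host, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().getheader(HEADER)
    finally:
        conn.close()

def _resp(*header_lines: str) -> bytes:
    """Build a constructed HTTP/1.1 response head with an empty body."""
    head = ["HTTP/1.1 200 OK", *header_lines, "Content-Length: 0", "", ""]
    return "\r\n".join(head).encode("ascii")

# Constructed sample responses (paths and the 5.2 value are illustrative).
BEFORE_FIX = {
    "/": _resp("Content-Type: text/html", "X-AspNetMvc-Version: 5.2"),
    "/Account/Login": _resp("x-aspnetmvc-version: 5.2"),   # name lowercased in transit
    "/Content/site.css": _resp("Content-Type: text/css"),  # static file, not served by MvcHandler
}
AFTER_FIX = {path: _resp("Content-Type: text/html") for path in BEFORE_FIX}

if __name__ == "__main__":
    print("before:", audit(BEFORE_FIX))
    print("after: ", audit(AFTER_FIX))
```

Point the check at routes handled by MVC controllers: the static file in the sample carries no header even before the fix, so testing only such a path would report a clean result either way.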
