X-AspNet-Version Response Header

ID

x_aspnet_version_response_header

Severity

low

Kind

Information Disclosure

CWE

933

Description

Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

Rationale

Exposing the ASP.NET framework version through response headers provides attackers with specific version information that can be used to identify known vulnerabilities. Attackers leverage this reconnaissance data to quickly determine if the application is running on outdated versions with documented security flaws, allowing them to launch targeted exploits against version-specific vulnerabilities without wasting time on trial-and-error attacks.

Remediation

Remove the X-AspNet-Version header by adding enableVersionHeader="false" to the httpRuntime element in web.config, and remove the X-AspNetMvc-Version header by setting MvcHandler.DisableMvcResponseHeader = true in Global.asax. Additionally, configure the web server to strip these headers if they are inadvertently included by the application.
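
An added example (not part of the original rule documentation) for verifying the remediation: it parses a raw HTTP response and reports any X-AspNet-Version or X-AspNetMvc-Version header, matching names case-insensitively and ignoring header-like text in the body. The function names and the sample responses are constructed for illustration.

```python
"""Check raw HTTP response heads for ASP.NET version disclosure headers."""

# Header names from the finding; HTTP field names are case-insensitive.
VERSION_HEADERS = ("x-aspnet-version", "x-aspnetmvc-version")


def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Return (name, value) pairs from the header block of a raw response."""
    # Only the part before the first blank line is the header block.
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip():
            pairs.append((name.strip(), value.strip()))
    return pairs


def find_version_leaks(raw: bytes) -> list[tuple[str, str]]:
    """Return every version-disclosing header, with the name as the server sent it."""
    return [(n, v) for n, v in parse_headers(raw) if n.lower() in VERSION_HEADERS]


# Constructed sample responses (not captured from a real server).
BEFORE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"X-AspNet-Version: 4.0.30319\r\n"
    b"x-aspnetmvc-version: 5.2\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"hello"
)
# After remediation: header-like text appears only in the body and must not match.
AFTER = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Content-Length: 30\r\n"
    b"\r\n"
    b"X-AspNet-Version: not a header"
)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        leaks = find_version_leaks(raw)
        print(label, "FAIL" if leaks else "PASS", leaks)
```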