ASP.NET - Version Disclosure Issue vulnerability Windows 2019

Henry Niekoop 86 Reputation points
2021-05-04T14:52:13.717+00:00

How do I disable ASP.NET - Version Disclosure Issue in Windows 2019 (Used with RD gateway portal)? If I remove the X-Powered-By ASP.NET http response headers in IIS the RD Gateway website no longer works.

Internet Information Services
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. Reza-Ameri 16,996 Reputation points
    2021-05-04T14:56:05.513+00:00

    This is not a vulnerability but this is an expected behavior.
    You won't need to remove it, you could replace it with other value.

    1 person found this answer helpful.
    0 comments No comments

  2. Henry Niekoop 86 Reputation points
    2021-05-04T15:03:27.027+00:00

    Thanks but can you please explain further? Can I change the value ASP.NET to anything let's say "XXXXX"?

    0 comments No comments

  3. Sam Wu-MSFT 7,536 Reputation points Microsoft Vendor
    2021-05-05T05:52:08.017+00:00

    Hi @Henry Niekoop

    Apply the following changes to your web.config file to prevent information leakage by using custom error pages and removing X-AspNet-Version from HTTP responses.

    <System.Web>  
         <httpRuntime enableVersionHeader="false" />   
         </customErrors>  
    </System.Web>  
                                                                                            
    

    If the answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  4. MotoX80 34,681 Reputation points
    2021-05-05T14:04:33.027+00:00

    If I remove the X-Powered-By ASP.NET http response headers in IIS the RD Gateway website no longer works.

    Is this what you removed? What if you remove it at the server level instead of the site level?

    What error do you get when it "no longer works"?

    93940-capture.jpg

    0 comments No comments

  5. Henry Niekoop 86 Reputation points
    2021-05-05T14:07:04.737+00:00

    Yes, that is what I removed. At the server level. I forgot the exact error but the site was no longer working.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.