This is not a vulnerability but this is an expected behavior.
You won't need to remove it, you could replace it with other value.
ASP.NET - Version Disclosure Issue vulnerability Windows 2019
How do I disable ASP.NET - Version Disclosure Issue in Windows 2019 (Used with RD gateway portal)? If I remove the X-Powered-By ASP.NET http response headers in IIS the RD Gateway website no longer works.
5 answers
Sort by: Most helpful
-
Reza-Ameri 16,996 Reputation points
2021-05-04T14:56:05.513+00:00 -
Henry Niekoop 86 Reputation points
2021-05-04T15:03:27.027+00:00 Thanks but can you please explain further? Can I change the value ASP.NET to anything let's say "XXXXX"?
-
Sam Wu-MSFT 7,536 Reputation points Microsoft Vendor
2021-05-05T05:52:08.017+00:00 Apply the following changes to your web.config file to prevent information leakage by using custom error pages and removing X-AspNet-Version from HTTP responses.
<System.Web> <httpRuntime enableVersionHeader="false" /> </customErrors> </System.Web>
If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
-
MotoX80 34,681 Reputation points
2021-05-05T14:04:33.027+00:00 If I remove the X-Powered-By ASP.NET http response headers in IIS the RD Gateway website no longer works.
Is this what you removed? What if you remove it at the server level instead of the site level?
What error do you get when it "no longer works"?
-
Henry Niekoop 86 Reputation points
2021-05-05T14:07:04.737+00:00 Yes, that is what I removed. At the server level. I forgot the exact error but the site was no longer working.