ASP.NET - Version Disclosure Issue vulnerability Windows 2019

asked 2021-05-04T14:52:13.717+00:00
Henry Niekoop 86 Reputation points

How do I disable ASP.NET - Version Disclosure Issue in Windows 2019 (Used with RD gateway portal)? If I remove the X-Powered-By ASP.NET http response headers in IIS the RD Gateway website no longer works.

Internet Information Services
No comments
{count} votes

5 answers

Sort by: Most helpful
  1. answered 2021-05-04T14:56:05.513+00:00
    Reza Ameri 14,601 Reputation points

    This is not a vulnerability but this is an expected behavior.
    You won't need to remove it, you could replace it with other value.

    No comments

  2. answered 2021-05-04T15:03:27.027+00:00
    Henry Niekoop 86 Reputation points

    Thanks but can you please explain further? Can I change the value ASP.NET to anything let's say "XXXXX"?

    No comments

  3. answered 2021-05-05T05:52:08.017+00:00
    Sam Wu-MSFT 5,126 Reputation points Microsoft Employee

    Hi @Henry Niekoop

    Apply the following changes to your web.config file to prevent information leakage by using custom error pages and removing X-AspNet-Version from HTTP responses.

    <System.Web>  
         <httpRuntime enableVersionHeader="false" />   
         </customErrors>  
    </System.Web>  
                                                                                            
    

    If the answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  4. answered 2021-05-05T14:04:33.027+00:00
    MotoX80 23,471 Reputation points

    If I remove the X-Powered-By ASP.NET http response headers in IIS the RD Gateway website no longer works.

    Is this what you removed? What if you remove it at the server level instead of the site level?

    What error do you get when it "no longer works"?

    93940-capture.jpg

    No comments

  5. answered 2021-05-05T14:07:04.737+00:00
    Henry Niekoop 86 Reputation points

    Yes, that is what I removed. At the server level. I forgot the exact error but the site was no longer working.