High Praetorian discovered this vulnerability while manually monitoring the data sent to the application in the server responses. The web banner revealed the application server software name and version number.
Confirmed that server header does not appear in response on Production Server's response
Zeeshan Chishty (Inactive)
added a comment - Confirmed that server header does not appear in response on Production Server's response Deployed on Production on all 3 Web Servers.
Please check carefully. If you found any Response Header related to this ticket please let us know.
Removed Response Headers:
- Server
- X-Powered-By
- X-Aspnet-Version
- X-AspNetMvc-Version
NOTE : Check this headers only for WORKTERRA Resources
Verified that server header does not appear in response on stage.
Zeeshan Chishty (Inactive)
added a comment - Verified that server header does not appear in response on stage. Verified as Server Banner is removed from responses.
Zeeshan Chishty (Inactive)
added a comment - Verified as Server Banner is removed from responses. Assigning to Zeeshan
Path to Test:
Open Login Page --> Right Click --> Inspect Element --> "Network" Tab --> Ctrl+F5 --> Click on files from list, you will get file details at Right side.
To Check :
In earlier scenario,
In the file details there was Server attribute which reveals Server Version Info
Now, this attribute is removed for all files
Commented code : SharedFunctionWebTier\SharedFunctionWebTier\Modules\SharedSessionModule.cs
This code is commented because for this patch, changes made in IIS Configuration Editor at Web Server.
as discussed with Niteen no functional testing is involved here , can close this ticket.