High Praetorian discovered this vulnerability while manually monitoring the data sent to the application in the server responses. The web banner revealed the application server software name and version number.
Path to Test:
Open Login Page --> Right Click --> Inspect Element --> "Network" Tab --> Ctrl+F5 --> Click on files from list, you will get file details at Right side.
To Check :
In earlier scenario,
In the file details there was Server attribute which reveals Server Version Info
Now, this attribute is removed for all files
Assigning to Zeeshan
Verified as Server Banner is removed from responses.
Zeeshan Chishty (Inactive)
added a comment - Verified as Server Banner is removed from responses. Verified that server header does not appear in response on stage.
Zeeshan Chishty (Inactive)
added a comment - Verified that server header does not appear in response on stage. Deployed on Production on all 3 Web Servers.
Please check carefully. If you found any Response Header related to this ticket please let us know.
Removed Response Headers:
- Server
- X-Powered-By
- X-Aspnet-Version
- X-AspNetMvc-Version
NOTE : Check this headers only for WORKTERRA Resources
Confirmed that server header does not appear in response on Production Server's response
Zeeshan Chishty (Inactive)
added a comment - Confirmed that server header does not appear in response on Production Server's response as discussed with Niteen no functional testing is involved here , can close this ticket.
Commented code : SharedFunctionWebTier\SharedFunctionWebTier\Modules\SharedSessionModule.cs
This code is commented because for this patch, changes made in IIS Configuration Editor at Web Server.