Reports for ASP.net report in the following format:
Issue detail
The server software versions used by the application are revealed by the web server. Displaying version information of software information could allow an attacker to determine which vulnerabilities are present in the software, particularly if an outdated software version is in use with published vulnerabilities. The following software appears to be in use:
Microsoft IIS: 8.5
ASP.Net MVC Framework: 5.1
ASP.Net: 4.0.30319
From the header:
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: <redacted>
Server: Microsoft-IIS/8.5
Set-Cookie: ASP.NET_SessionId=<redacted>; path=/; HttpOnly
X-AspNetMvc-Version: 5.1
X-AspNet-Version: 4.0.30319
However the X-AspNet-Version response header isn't ASP's way of indicating the MAJOR.MINOR.BUILD in use on the server, as explained here: https://stackoverflow.com/questions/12971881/how-to-reliably-detect-the-actual-net-4-5-version-installed
The checks for ASP.net should be updated to match those observed in the stackoverflow thread. Please let me know if you concur with this finding and would like me to put in a pull request.
Reports for ASP.net report in the following format:
From the header:
However the X-AspNet-Version response header isn't ASP's way of indicating the MAJOR.MINOR.BUILD in use on the server, as explained here: https://stackoverflow.com/questions/12971881/how-to-reliably-detect-the-actual-net-4-5-version-installed
The checks for ASP.net should be updated to match those observed in the stackoverflow thread. Please let me know if you concur with this finding and would like me to put in a pull request.