Config Files Missing Suppress Vuln Header
Description
Detects if the X-Powered-By header is not properly suppressed in .NET configuration files. This header reveals information about the web server technology stack which could help attackers identify version-specific vulnerabilities.
Detection Strategy
• Search for <customHeaders> sections in .NET configuration files
• Check if there is a <remove> tag with name="X-Powered-By" within the customHeaders section
• Report a vulnerability if customHeaders exists but does not contain the proper header removal configuration
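The three steps above, as an added checker written for this page (example code, not Fluid Attacks' own scanner): it parses a web.config document, walks every <customHeaders> element and reports each one that has no <remove name="X-Powered-By"/> child. The sample configurations are constructed for the example; header names are compared case-insensitively, which is an assumption based on IIS treating them that way.

```python
import xml.etree.ElementTree as ET

HEADER = "X-Powered-By"  # header the rule expects to see removed

# Constructed sample web.config documents (not taken from any real project).
VULNERABLE_CONFIG = """<configuration><system.webServer><httpProtocol>
  <customHeaders></customHeaders>
</httpProtocol></system.webServer></configuration>"""

SECURE_CONFIG = """<configuration><system.webServer><httpProtocol>
  <customHeaders><remove name="X-Powered-By"/>
  <add name="X-Content-Type-Options" value="nosniff"/></customHeaders>
</httpProtocol></system.webServer></configuration>"""

# No <customHeaders> at all: the strategy reports nothing for this case.
NO_SECTION_CONFIG = "<configuration><system.webServer/></configuration>"


def _path_of(root: ET.Element, target: ET.Element) -> str:
    """Tag path from the document root to target, to locate the finding."""
    parents = {child: parent for parent in root.iter() for child in parent}
    parts = []
    node = target
    while node is not None:
        parts.append(node.tag)
        node = parents.get(node)
    return "/".join(reversed(parts))


def find_missing_suppression(config_xml: str) -> list[str]:
    """One finding per <customHeaders> element that lacks a
    <remove name="X-Powered-By"/> child; an empty list means compliant."""
    root = ET.fromstring(config_xml)  # raises ET.ParseError on malformed XML
    findings = []
    for section in root.iter("customHeaders"):
        # Assumption: IIS matches header names case-insensitively.
        removed = any(child.get("name", "").lower() == HEADER.lower()
                      for child in section.findall("remove"))
        if not removed:
            findings.append(
                f'{_path_of(root, section)} lacks <remove name="{HEADER}"/>')
    return findings
```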
Vulnerable code example
<!-- web.config -->
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders> <!-- Vulnerable: no <remove name="X-Powered-By"/>, so the server still advertises its technology stack -->
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
✅ Secure code example
<!-- web.config -->
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By"/> <!-- Remove server info disclosure -->
        <add name="X-Frame-Options" value="SAMEORIGIN"/> <!-- Prevent clickjacking -->
        <add name="X-Content-Type-Options" value="nosniff"/> <!-- Prevent MIME type sniffing -->
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>