Context Information Security have released a module for IIS 7 to block information leakage from HTTP headers. A standard web application penetration test recommends the removal of any version number information. Previously the IIS urlscan tool could be used to block this information, however, for IIS 7 this is no longer possible, therefore Context have released this module to block this information.
HTTP headers are name/value sets of data that are transmitted between the client (web browser) and the web server. HTTP headers are used to transmit key data such as HTTP cookies.Excessive HTTP headers can aid an attacker by either identifying particular technologies used within a web application or presenting specific software version information. Whilst minimising the attack surface by preventing information leakage is not a panacea it is a step towards improving security.With the introduction of new Microsoft frameworks such as ASP.Net and MVC it appears that the number of HTTP headers returned by the IIS web server is increasing. An example of these headers is shown below:
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Download and more info: http://www.contextis.co.uk
Volut-ID | World News Articles
All news of interest and can provide an info for you, and so can assist in the search for new news.
About news gadgets, mobile phones
info about the latest mobile phone, from news, features, and the most mobile phone models in search of the world.
No response to “IIS7 Header Block Released”
Leave a reply