Press Ctrl / CMD + C to copy this to your clipboard.
This post will be reported to the moderators as potential spam to be looked at
We recently had a PenTest on our Umbraco 6.1.6 website on which we use ImageGen Pro version 18.104.22.168864.
"It was observed that the tested website discloses information about its configuration and components' versions. This provides information to an attacker about the underlying platform and technologies that could have otherwise been unknown: ImageGen Professional version disclosure."
Kinda silly, I know, but... is there a way hide all the ImageGen version stuff? We already have <HideDomains>true</HideDomains> in the config.
Sorry, there isn't a way to display no information at all from ImageGen.
You might consider a urlrewrite rule or router rule that disallows requests to ImageGen.ashx?version from any outside IP address.
Thanks Doug! :)
is working on a reply...
Write your reply to:
Image will be uploaded when post is submitted