1

I was recently handed over the support of an already built logic app that accepts some json and performs some validations and send it to some endpoint. There's nothing wrong with the Logic app functionality, it works completely fine.

The problem is, penetration testing was done on the app and it presented us with security concern of X-aspnet-Version:4.0.30319.

I found this post here and it says:

That is not the actual .NET framework version. It is the version of the CLR

My questions are, can the above quote be considered as the valid reference to address the issue? If not, can the logic app be somehow upgraded to use aspnet version 4.5 or higher?

And if I can change the version, can this have impacts on my current logic app's behavior?

Note: The app was made entirely through logic app designer and not a single chunk of coding was implemented

enter image description here

piet.t
  • 11,718
  • 21
  • 43
  • 52
Shaheryar.Akram
  • 722
  • 10
  • 19

2 Answers2

2

No, the problem is with the test tool, not Logic Apps.

Just because it infers a problem doesn't mean there is a problem.

Explain to you 'security' testers that this is an Azure Logic App, not Windows/IIS. If you tell us the exact 'security concern' we can explain why it's irrelevant.

Johns-305
  • 10,908
  • 12
  • 21
1

X-AspNet-Version: specifies the version of ASP.NET being used. Note that this value returns the core framework version. Typical examples include 1.1.4322, 2.0.50727 and 4.0.30319.

ASP.NET web sites send the ASP.NET version information in the web server HTTP Response Header as X-AspNet-Version value automatically to the client. So, you could not change it in logic app.

Joey Cai
  • 18,968
  • 1
  • 20
  • 30