Last Modified: Jan 13, 2026
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2, 17.1.3
Opened: Aug 05, 2024 Severity: 3-Major
Requests may be blocked with the violation “Illegal dynamic parameter value” even though the parameter values were correctly extracted from application responses using “Search in Links” and should be treated as valid.
Legitimate application traffic may be blocked because values extracted from links are not recognized as valid dynamic parameter values.
- A parameter is configured with Dynamic content value - “Check – Search in Links” is enabled for the parameter - The parameter value is extracted from response links (HREF) - The extracted value is later used in a client request while the policy is enforced
None
None