Bug ID 455389: Multiple content type headers detection

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3

Fixed In:
11.6.0, 11.5.1 HF4, 11.4.1 HF6, 11.4.0 HF7, 11.3.0 HF9

Opened: Apr 03, 2014

Severity: 3-Major


ASM bypass techniques were found during Pentest.


Causes ASM to misbehave within the headers request parser, and fails to detect the relevant requests' content type.


Send traffic with multiple content type headers.



Fix Information

We improved how the system decides on the content profile when there is a request with multiple content-type headers.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips