Bug ID 455389: Multiple content type headers detection

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3

Fixed In:
11.6.0, 11.5.1 HF4, 11.4.1 HF6, 11.4.0 HF7, 11.3.0 HF9

Opened: Apr 03, 2014

Severity: 3-Major

Symptoms

ASM bypass techniques were found during Pentest.

Impact

Causes ASM to misbehave within the headers request parser, and fails to detect the relevant requests' content type.

Conditions

Send traffic with multiple content type headers.

Workaround

N/A

Fix Information

We improved how the system decides on the content profile when there is a request with multiple content-type headers.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips