Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3
Fixed In:
11.6.0, 11.5.1 HF4, 11.4.1 HF6, 11.4.0 HF7, 11.3.0 HF9
Opened: Apr 03, 2014
Severity: 3-Major
ASM bypass techniques were found during a pentest.
ASM misbehaves in the request headers parser and fails to detect the content type of the relevant requests.
Send traffic with multiple content type headers.
N/A
We improved how the system decides on the content profile when there is a request with multiple content-type headers.
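A defensive check for the condition described above, added here as an example and not F5 code: it collects every Content-Type field in a raw request head and flags requests whose fields disagree, so they can be rejected or logged before a content profile is chosen. The function names and the sample requests are constructed for illustration.

```python
def content_type_values(raw_request: bytes) -> list[str]:
    """Return every Content-Type field value in the request head, in wire order."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    values: list[str] = []
    in_ct = False
    for line in head.split(b"\r\n")[1:]:            # element 0 is the request line
        if line[:1] in (b" ", b"\t"):               # obs-fold: continues the previous field
            if in_ct:
                values[-1] += " " + line.strip().decode("latin-1")
            continue
        name, sep, value = line.partition(b":")
        # Field names are case-insensitive; stray whitespace around the name is
        # stripped so a lenient back end and this check see the same header.
        in_ct = bool(sep) and name.strip().lower() == b"content-type"
        if in_ct:
            values.append(value.strip().decode("latin-1"))
    return values


def classify(raw_request: bytes) -> str:
    """Classify a request as 'none', 'single', 'repeated' or 'conflicting'."""
    values = content_type_values(raw_request)
    if len(values) <= 1:
        return "single" if values else "none"
    # Compare media types only: parameters such as charset are ignored.
    types = {v.split(";", 1)[0].strip().lower() for v in values}
    return "repeated" if len(types) == 1 else "conflicting"


# Constructed sample requests (not captured traffic).
REQ_CONFLICT = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Type: text/plain\r\n"
                b"content-type: application/json\r\n"
                b"Content-Length: 2\r\n\r\n{}")
REQ_REPEATED = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Type: application/json\r\n"
                b"Content-Type: Application/JSON; charset=utf-8\r\n\r\n{}")
REQ_FOLDED = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
              b"Content-Type: multipart/form-data;\r\n boundary=x\r\n\r\n")

if __name__ == "__main__":
    for req in (REQ_CONFLICT, REQ_REPEATED, REQ_FOLDED):
        print(classify(req), content_type_values(req))
```

Only separate header lines are compared; a single field carrying a comma-joined value, as some proxies produce when merging duplicates, is reported as "single".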