Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Aurel's avatar
Aurel
Icon for Cirrus rankCirrus
Jan 15, 2019

ASM : Multipart/form-data parameter value violation

Hello, After spending some time reading and searching, i can't find complete information to understand my blocking. ASM has blocked multipart/form-data content from a POST request. First is SQL injec...
application delivery
ASM Advanced WAF
security
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Jan 15, 2019

  1. If you have:

    Content-Disposition: form-data; name="_app_generated_name" then yes "_app_generated_name" is a parameter and is being correctly recognised

     

  2. If POST parameter value contains bits of JavaScript ASM will of course block it as this looks like a code injection attack. There might be some legit reason for it, if this is how your application works (for example if it is a CMS/Content Management System then users with editor privileges can upload content, however regular users/visitors of the website must not be able to do that, otherwise hackers can upload any code they want and hack into the website.