Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Henk_Oostland's avatar
Henk_Oostland
Icon for Nimbostratus rankNimbostratus
Jun 12, 2017

SQL injection problem!

We have an application VIP with an ASM profile. The application runs on Windows, IIS, ASP.net and SQL server.

 

Our BIGIP runs TMOS11.5.4HF4.

 

The application requires a login. When we fill in: 1'or'1'= '1'in te username field, ASM blocks the request. When we fill in: 1'or'1'= '1'-- ASM does not block the request.

 

What is the problem?

 

3 Replies

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Jun 12, 2017

    Henk, do you have the following Attack Sigs associated to your ASM Security policy and not in Staging? 200002430, 200002419, 200002444?