DoS on PayPal via web cache poisoning
Medium
PayPal
Team Summary
Official summary from PayPal
On https://paypal.com/, you could impact core functionality by using an invalid Transfer-Encoding header to replace JavaScript files from www.paypalobjects.com with the message '501 Not Implemented'. This was patched and awarded a $9,700 bounty.
Reported by: albinowax
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $9700.00
Weakness: Uncontrolled Resource Consumption