The Amnesia Bug in IAB OpenRTB 2.3 Protocol Implementation: Concealing Ad Transaction Status and Compromising Bid Integrity

The Amnesia Bug in IAB OpenRTB 2.3 Protocol Implementation: Concealing Ad Transaction Status and Compromising Bid Integrity

CVE-2015-7266 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation might allow remote attackers to conceal the status of ad transactions and potentially compromise bid integrity by leveraging failure to limit the time between bid responses and impression notifications, aka the Amnesia Bug.

Learn more about our Web Application Penetration Testing UK.