PT-2018-4407 · Iab · Openrtb

Published: 2018-10-30 · Updated: 2019-01-29 · CVE-2015-7266

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

IAB OpenRTB version 2.3

Description

The issue concerns the Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation, which might allow remote attackers to conceal the status of ad transactions and potentially compromise bid integrity. This is due to the failure to limit the time between bid responses and impression notifications.

Recommendations

For IAB OpenRTB version 2.3, consider implementing time limits between bid responses and impression notifications to prevent exploitation of this issue. As a temporary workaround, restrict access to bid transaction status to minimize the risk of bid integrity compromise.
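
One way a bidder could enforce the recommended time limit, as an added example that is not part of this advisory or of the OpenRTB specification. The `NoticeGate` class, its method names, the 30-second limit and the bid ids are all assumptions made for illustration.

```python
import time
from dataclasses import dataclass

@dataclass
class PendingBid:
    price: float
    responded_at: float      # clock reading when the bid response was sent
    notified: bool = False   # set once an impression notification is accepted

class NoticeGate:
    """Bidder-side gate: accept an impression notification only inside a fixed window."""
    # 30 s is an assumed limit; the advisory does not name a value.
    def __init__(self, max_delay_s=30.0, clock=time.monotonic):
        self.max_delay_s, self.clock, self.pending = max_delay_s, clock, {}

    def record_bid_response(self, bid_id, price):
        self.pending[bid_id] = PendingBid(price, self.clock())

    def accept_notification(self, bid_id):
        bid = self.pending.get(bid_id)
        if bid is None:
            return False, "unknown_bid"   # never bid, or already closed out
        if bid.notified:
            return False, "duplicate"     # one notification per bid
        if self.clock() - bid.responded_at > self.max_delay_s:
            del self.pending[bid_id]      # window passed: status is final
            return False, "expired"
        bid.notified = True
        return True, "ok"

    def expire_stale(self):
        # Close out bids with no notification in time, so none stays undecided.
        now = self.clock()
        stale = [b for b, p in self.pending.items()
                 if not p.notified and now - p.responded_at > self.max_delay_s]
        for b in stale:
            del self.pending[b]
        return stale

def demo():
    now = [0.0]  # fake clock so the constructed timeline is deterministic
    gate = NoticeGate(max_delay_s=30.0, clock=lambda: now[0])
    for bid_id in ("bid-1", "bid-2", "bid-3"):  # constructed sample bids
        gate.record_bid_response(bid_id, 1.00)
    now[0] = 5.0
    in_time, dup = gate.accept_notification("bid-1"), gate.accept_notification("bid-1")
    now[0] = 45.0
    late = gate.accept_notification("bid-2")
    return in_time, dup, late, gate.expire_stale()
```

Logging every `expired` and `duplicate` result with the sending exchange gives a record of notifications that arrived outside the window.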

Related Identifiers

CVE-2015-7266

Affected Products

Openrtb