HackerOne: Denial of service via cache poisoning

An attacker can persistently block access to any/all redirects on www.hackerone.com by using cache poisoning with the X-Forwarded-Port or X-Forwarded-Host headers to redirect users to an invalid port. To replicate: curl -H 'X-Forwarded-Port: 123'...