It was found that 3scale backend does not perform preventive handling on user-requested date ranges in certain queries. A malicious authenticated user could submit a request with a sufficiently large date range eventually yielding an internal server error, resulting in denial of service.