CVE-2015-2917

Published: Sep 21, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element.

Affected (2)

Products: Securifi: Almond Firmware, Almond 2015 Firmware

2 products

Almond Firmware

Almond 2015 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Securifi Almond Firmware	Up to al1-r201exp10-l304-w33

Running on/with	Platform Versions
Securifi Almond	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Securifi Almond 2015 Firmware	Up to al2-r088

Running on/with	Platform Versions
Securifi Almond 2015	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://www.kb.cert.org/vuls/id/906576

Source: cret@cert.org

PatchThird Party AdvisoryUS Government Resource

http://www.kb.cert.org/vuls/id/906576

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

Timeline

No history available yet.