CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-2917

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.3%

CVSS Severity

CVSS v2 Score 4.3

References

http://www.kb.cert.org/vuls/id/906576
http://www.kb.cert.org/vuls/id/906576

Products affected by CVE-2015-2917

Securifi » Almond-2015 » Version: Any

cpe:2.3:h:securifi:almond-2015:*
Securifi » Almond » Version: Any

cpe:2.3:h:securifi:almond:*
Securifi » Almond-2015 Firmware » Version: Any

cpe:2.3:o:securifi:almond-2015_firmware:*
Securifi » Almond Firmware » Version: al-r096

cpe:2.3:o:securifi:almond_firmware:al-r096

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-2917

Products

Pricing

Contact Us