CVE-2015-2917

2015-09-2110:59:05

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.002

Percentile

56.6%

JSON

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element.

Affected configurations

Nvd

Node

securifialmond_firmwareRange≤al1-r201exp10-l304-w33

AND

securifialmond

Node

securifialmond-2015_firmwareRange≤al2-r088

AND

securifialmond-2015

VendorProductVersionCPE
securifialmond_firmware*cpe:2.3:o:securifi:almond_firmware:*:*:*:*:*:*:*:*
securifialmond*cpe:2.3:h:securifi:almond:*:*:*:*:*:*:*:*
securifialmond-2015_firmware*cpe:2.3:o:securifi:almond-2015_firmware:*:*:*:*:*:*:*:*
securifialmond-2015*cpe:2.3:h:securifi:almond-2015:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
securifi	almond_firmware	*	cpe:2.3:o:securifi:almond_firmware::::::::
securifi	almond	*	cpe:2.3:h:securifi:almond::::::::
securifi	almond-2015_firmware	*	cpe:2.3:o:securifi:almond-2015_firmware::::::::
securifi	almond-2015	*	cpe:2.3:h:securifi:almond-2015::::::::