web/security: add CVE-2015-3417