web/security: add CVE-2014-2263