web/security: Add CVE-2017-7862 and CVE-2017-7866