Kayran has detected that the Version of Apache HTTP Server being used is vulnerable to ‘mod_http2 Null Pointer Dereference’.
CVE-2017-7659 is categorized as a ‘NULL Pointer Dereference’ vulnerability (CWE-476).
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is actually NULL. That, will probably cause a crash or an exit.
NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
By using a maliciously crafted HTTP/2 request, that could cause mod_http2 in Apache to dereference a NULL pointer, thus crashing the server process.
That, could lead to a decrease in performance and interruptions in the availability of resources.
To fix CVE-2017-7659, upgrade the version of Apache HTTP Server being used to 2.4.26.