Kayran has detected that the version of Apache HTTP Server being used is vulnerable to a NULL Pointer Dereference vulnerability.
That could happen when an HTTP/2 stream was destroyed after being handled leading to the HTTP Server potentially writing a NULL pointer to an already freed memory. Also known as CVE-2018-1302.
Although it’s classified as low risk, the application dereferences a pointer that it expects to be valid, but is actually NULL, that, could cause crashes or an exit.
CVSS Version 3.x – 5.9 Medium
To fix CVE-2018-1302, upgrade the version of Apache Server being used to 2.4.33.