The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.1 and is prone to a NULL pointer dereference vulnerability. A flaw is present in the PHP XSLTProcessor class, which fails to properly handle NULL pointer returned the valuePop() function. Successful exploitation could allow remote attackers to cause PHP to crash.