This looks like a form of CVE-2015-0253, which affected upstream Apache
2.4.11, was introduced by the backport.  The fix is to ensure
r->protocol is always populated:

https://svn.apache.org/viewvc?view=revision&revision=1668879

-- 
Doran Moppert
Red Hat Product Security
