Description
mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
Remediation
References
Related Vulnerabilities
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7864)
WordPress Plugin Easy WP SMTP Security Bypass (1.4.2)
WordPress Plugin PayPal Digital Goods powered by Cleeng Cross-Site Scripting (2.2.13)
Joomla! Core 1.5.12 Arbitrary File Upload (1.5.12)
WordPress Plugin Advanced Access Manager Cross-Site Scripting (6.7.9)