Description
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.
Remediation
References
Related Vulnerabilities
MySQL CVE-2018-3144 Vulnerability (CVE-2018-3144)
Grafana Missing Authentication for Critical Function Vulnerability (CVE-2022-28660)
PostgreSQL Missing Authorization Vulnerability (CVE-2020-1720)
WordPress Plugin FireStorm Professional Real Estate Multiple SQL Injection Vulnerabilities (2.05.01)
WordPress Plugin Skype Legacy Buttons Multiple Vulnerabilities (3.0.4)