Description
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Table Builder-WordPress Table Cross-Site Scripting (1.3.9)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3667)
WordPress Plugin Aesop Story Engine Cross-Site Scripting (1.6)
WordPress Plugin SEO SQUIRRLY Multiple Unspecified Vulnerabilities (6.1.4)