Description
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.
Remediation
References
Related Vulnerabilities
WordPress Plugin Share This Image Unspecified Vulnerability (1.19)
WebLogic CVE-2020-14757 Vulnerability (CVE-2020-14757)
WordPress Plugin FileBird-WordPress Media Library Folders & File Manager SQL Injection (4.7.3)
Rukovoditel Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11817)