Description
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.
Remediation
References
Related Vulnerabilities
WordPress Plugin Cardinity Payment Gateway for WooCommerce Cross-Site Scripting (3.0.6)
WordPress Plugin Powerplay Gallery Multiple Vulnerabilities (3.3)
MyBB CVE-2011-5133 Vulnerability (CVE-2011-5133)
Elgg Exposure of Private Personal Information to an Unauthorized Actor Vulnerability (CVE-2021-3980)