Apache · Apache HTTP Server · CVE-2018-17199
**Name of the Vulnerable Software and Affected Versions**
Apache HTTP Server versions 2.4.37 and prior
**Description**
The issue is in the mod_session module of Apache HTTP Server, which checks the session expiry time before decoding the session. Because the expiry time is loaded when the session is decoded, the check ignores it for mod_session_cookie sessions. Exploitation of this issue may allow a remote attacker to impact the integrity of protected data.
**Recommendations**
For Apache HTTP Server versions 2.4.37 and prior, consider updating to a version in which the mod_session module checks the session expiry time after decoding the session, or apply a patch that fixes this issue if one is available. As a temporary workaround, consider restricting access to mod_session_cookie sessions to minimize the risk of exploitation.