Apache HTTP Server Vulnerability - CVE-2018-1283 - Vulnerability Database

Medium
Reference: CVE-2018-1283
Title: Apache HTTP Server Vulnerability
Overview:

In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields per CGI specifications.
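
The name collision and the exposure condition described above, as an added example (not part of the original advisory or of Apache's code): it maps request header names to CGI variable names and checks a configuration for an active SessionEnv On directive within the affected version range. The function names and the sample configuration are constructed for illustration.

```python
import re

# Affected range exactly as stated in the advisory text above.
AFFECTED = ((2, 4, 0), (2, 4, 29))
SESSION_VAR = "HTTP_SESSION"  # variable name mod_session uses, per the advisory

def cgi_meta_variable(header_name):
    """CGI name for a request header: HTTP_ prefix, upper case, '-' becomes '_'."""
    return "HTTP_" + header_name.upper().replace("-", "_")

def colliding_headers(header_names):
    """Request headers whose CGI variable name equals mod_session's variable."""
    return [h for h in header_names if cgi_meta_variable(h) == SESSION_VAR]

def session_env_lines(config_text):
    """Line numbers of active 'SessionEnv On' directives (names are case-insensitive)."""
    pattern = re.compile(r"^\s*SessionEnv\s+On\s*$", re.IGNORECASE)
    return [n for n, line in enumerate(config_text.splitlines(), 1)
            if pattern.match(line)]

def matches_advisory(version, config_text):
    """True when the version is in the affected range and SessionEnv is switched on."""
    parsed = tuple(int(part) for part in version.split("."))
    return AFFECTED[0] <= parsed <= AFFECTED[1] and bool(session_env_lines(config_text))

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF = """\
<Location "/app">
    Session On
    SessionCookieName session path=/
    SessionEnv On
</Location>
# SessionEnv On
"""

if __name__ == "__main__":
    print(colliding_headers(["Host", "Session", "X-Session", "session"]))
    print(session_env_lines(SAMPLE_CONF))
    print(matches_advisory("2.4.29", SAMPLE_CONF))
```

The configuration check reads a single file's text only; it does not follow Include directives or resolve which context's setting takes effect.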