This vulnerability affects the way Apache handles encrypted session data.
Modern versions (2.4.58+) have patched these legacy flaws. apache httpd 2.4.18 vulnerability