AnsweredAssumed Answered

How do I determin whether a specific vulnerability was verified?

Question asked by R M on Mar 22, 2013

I ran the Qualys Authenticated Scan with Full and PCI audit. I was lookingto verify whether cve-2012-3546 is checked. Now I know that the Tomcat Version on the target host  has this vulnerability and needs to be upgraded. However Qualys Scan did not generate this vulnerability in either PCI or Full. I wanted to see whether this vulnerabiliy was checked.


I checked the Knowledge Base and this was published on March 20 and I have the appliance updated with the latest signatures (Scanner 6.10.29-1, Vulnerability Signatures 2.2.389-2).


Is there a log file that I can check ? How do I ensure that this vulnerability is checked for?