Please help to understand.
Mentioned QID is reported as a reference of CVE-2007-6750. In Results I see:
QID: 86847 detected on port 443 over TCP - Apache 2.2.3#
But I'm running Apache 2.4.29
What may be the issue?
Thanks in advance!
Is Apache embedded in another application on your asset? Often vendors embed apache code in their product code and do not update the apache application header, causing false positives to occur.
Additionally, security best practices suggest it's prudent to suppress HTTP response header content, and in protecting your platform, you will also find this QID will stop reporting.
If you're still stumped as to the root cause, it may be necessary for you to contact your TAM and/or Qualys Customer Portal for assistance reviewing your raw scan output to determine if several contributing factors might be in play:
Retrieving data ...