Anyone ever experience false positive detections for Adobe ColdFusion 2016?
I have rarely experienced any false positives from Qualys in the few years i have used it, so I'm struggling to accept that it may in fact be a false positive.
A server I'm scanning is running ColdFusion 2016 update 13 (2016.0.13.316217), but Qualys is flagging every version below 13 as missing:
D:\Apps\ColdFusion2016\cfusion\lib\updates\chf20160012.jar is missing
D:\Apps\ColdFusion2016\cfusion\lib\updates\chf20160011.jar is missing
D:\Apps\ColdFusion2016\cfusion\lib\updates\chf20160010.jar is missing
D:\Apps\ColdFusion2016\cfusion\lib\updates\chf20160008.jar is missing
D:\Apps\ColdFusion2016\cfusion\lib\updates\chf20160007.jar is missing
D:\Apps\ColdFusion2016\cfusion\lib\updates\chf20160006.jar is missing
ColdFusion2016 updates are cumulative, so I would assume the version check would find the chf20160013.jar located on the server and dismiss all superceded QIDs.