> Could you file an issue with the OWasp plugin instead to remove this CVE > from their list (if this is possible - I'm not sure how they are pulling > down advisories)?
The plugin downloads the NVD CVE data hosted by NIST. So to get rid of it, the configuration pattern cpe:2.3:a:apache:cxf:-:*:*:*:*:*:*:* needs to be changed: https://nvd.nist.gov/vuln/detail/CVE-2012-5786 No idea how to achieve that. Regards Dennis
