Thanks, I'm going to ask the Apache security team for some advice on how to handle this.
Colm. On Wed, Apr 19, 2017 at 12:30 PM, Dennis Kieselhorst <[email protected]> wrote: > > Could you file an issue with the OWasp plugin instead to remove this CVE > > from their list (if this is possible - I'm not sure how they are pulling > > down advisories)? > > The plugin downloads the NVD CVE data hosted by NIST. > > So to get rid of it, the configuration pattern > cpe:2.3:a:apache:cxf:-:*:*:*:*:*:*:* needs to be changed: > https://nvd.nist.gov/vuln/detail/CVE-2012-5786 > > No idea how to achieve that. > > Regards > Dennis > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
