I ran the Qualys Authenticated Scan with Full and PCI audit. I was lookingto verify whether cve-2012-3546 is checked. Now I know that the Tomcat Version on the target host has this vulnerability and needs to be upgraded. However Qualys Scan did not generate this vulnerability in either PCI or Full. I wanted to see whether this vulnerabiliy was checked.
I checked the Knowledge Base and this was published on March 20 and I have the appliance updated with the latest signatures (Scanner 6.10.29-1, Vulnerability Signatures 2.2.389-2).
Is there a log file that I can check ? How do I ensure that this vulnerability is checked for?