Both the SSL Labs website and the VM module report a specific site of ours as being vulnerable but through all tools/scripts I have tried which perform the actual exploit, it does NOT appear to be exploitable. Is anyone else experiencing this scenario? Still tracking down all the details for the server (whether its a VM, OS version, etc) but has anyone else experience false positives with the heartbleed QID? or more importantly, any false negaties?
Will post more info when it becomes available.