Just wanted to share that Qualys Dev team confirmed that false positives are being reported for QID 90178. Should be helpful for anyone running into issues getting QualysGuard to close those vulnerabilities. Qualys support said the fix has been created and will be released in a few weeks:
Per our phone conversation, our Vulnsigs Engineer has change[d] the signature and this will be addressed in vulnsigs version:
This should be pushed out within the next few weeks. Thank you for your patience on this issue.
Additional details/proof at my blog.