I have a client who uses Eclipse Jetty and they are getting the following result upon scanning:
NVT: Eclipse Jetty Server Fake Pipeline Request Security Bypass Vulnerability (OID: 220.127.116.11.4.1.25618.104.22.1683551)
Vulnerability Detection Result
Installed version: 9.4. Fixed version: 9.4.11.v20180605 Installation path / port: 9876/tcp
They have confirmed that they have version 9.4.12.v20180830 installed on the server in question. Based on the scan, it appears as though only the major version number, 9.4, is being detected by the scan. Is it possible that the scanner is detecting the version number incorrectly?