CVE scan detecting wrong version

I ran a CVE scan against several hosts running the same Apache version, which detected version 2.4.62 as vulnerable. I upgraded all hosts to 2.4.66 and re-scanned all using the same OpenVAS Default used for the original scan. The scan shows the new version of Apache under Applications for all hosts. Then, after a CVE rescan, all but one of the hosts showed a cleared CVE scan. I tried deleting and recreating the CVE scan for the host and checked the server-status page to be sure it is running the latest version on the IP address and port reported by the scan. Still, this one host insists I’m running the old version. Any suggestions on how to resolve?

Also, I know I need to upgrade; this is on Kali running version 23.3.0 with all feeds current. The perplexing thing is that all the hosts show the new version after the upgrades and rescans, but only one host’s CVE scan is detecting the old version.

CVE scans just rely on the CPE data from the last “real” scan. They are useful for attack surface prediction. To know what is really updated, you need to run a Full & Fast or at least a Discovery scan.


Thanks. I just looked, and yes, the one server not showing the new versions was using the Base scan compared to the other two using Full & Fast.

Update - I also found ‘Add results to Assets’ set to No on the ‘real’ scan. This has to be set to Yes.

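The two conditions this thread arrived at (the “real” scan must use a config that detects application versions, and the task must have ‘Add results to Assets’ set to Yes) can be checked for every task at once instead of by clicking through each one. The script below is an added example, not code from this thread or from Greenbone. It parses a `get_tasks` response in the shape GMP returns and flags tasks that will not refresh the CPE data a CVE scan reads. Assumptions: the task preference for ‘Add results to Assets’ appears with `scanner_name` `in_assets`, the stock config names are `Full and fast` and `Discovery`, the CVE scanner is named `CVE`, and the embedded XML is a constructed sample with placeholder ids.

```python
"""Audit which GVM tasks actually feed the asset CPE data a CVE scan reads.

Added example, not code from the thread or from Greenbone. It parses a
get_tasks response in the shape GMP returns (task name, config, scanner and
the task preference whose scanner_name is 'in_assets', i.e. the
'Add results to Assets' setting; that layout is assumed here) and flags
tasks that will not refresh the application CPEs the CVE scanner relies on.
"""
import xml.etree.ElementTree as ET

# Configs that detect application versions and therefore refresh CPEs.
# Per the thread: Full and fast, or at least Discovery. Names assumed to be
# the feed's stock config names.
ASSET_FEEDING_CONFIGS = {"Full and fast", "Discovery"}

# Constructed sample response; ids are placeholders, not real GVM objects.
SAMPLE_GET_TASKS = """<get_tasks_response status="200" status_text="OK">
  <task id="t-1">
    <name>Full scan - host-a</name>
    <config id="c-1"><name>Full and fast</name></config>
    <scanner id="s-1"><name>OpenVAS Default</name></scanner>
    <preferences>
      <preference><name>Add results to Assets</name>
        <scanner_name>in_assets</scanner_name><value>yes</value></preference>
    </preferences>
  </task>
  <task id="t-2">
    <name>Base scan - host-b</name>
    <config id="c-2"><name>Base</name></config>
    <scanner id="s-1"><name>OpenVAS Default</name></scanner>
    <preferences>
      <preference><name>Add results to Assets</name>
        <scanner_name>in_assets</scanner_name><value>yes</value></preference>
    </preferences>
  </task>
  <task id="t-3">
    <name>Full scan - host-c</name>
    <config id="c-1"><name>Full and fast</name></config>
    <scanner id="s-1"><name>OpenVAS Default</name></scanner>
    <preferences>
      <preference><name>Add results to Assets</name>
        <scanner_name>in_assets</scanner_name><value>no</value></preference>
    </preferences>
  </task>
  <task id="t-4">
    <name>CVE check - all hosts</name>
    <scanner id="s-2"><name>CVE</name></scanner>
  </task>
</get_tasks_response>
"""


def parse_tasks(xml_text):
    """Return one dict per <task>: name, config, scanner and the in_assets value."""
    root = ET.fromstring(xml_text)
    tasks = []
    for task in root.findall("task"):
        in_assets = None
        for pref in task.findall("preferences/preference"):
            if pref.findtext("scanner_name") == "in_assets":
                in_assets = (pref.findtext("value") or "").strip().lower()
        tasks.append({
            "name": task.findtext("name"),
            "config": task.findtext("config/name"),
            "scanner": task.findtext("scanner/name"),
            "in_assets": in_assets,
        })
    return tasks


def audit_cve_prerequisites(xml_text):
    """Map task name -> reasons why that task will not refresh CPE data for CVE scans."""
    findings = {}
    for task in parse_tasks(xml_text):
        if task["scanner"] == "CVE":
            continue  # the CVE scan itself only reads asset data; nothing to check
        reasons = []
        if task["config"] not in ASSET_FEEDING_CONFIGS:
            reasons.append(f"config '{task['config']}' does not refresh application CPEs")
        if task["in_assets"] != "yes":
            reasons.append("'Add results to Assets' is not set to Yes")
        if reasons:
            findings[task["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit_cve_prerequisites(SAMPLE_GET_TASKS).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On a live system the XML would come from gvm-tools, for example `gvm-cli socket --xml '<get_tasks details="1"/>'`, piped into `audit_cve_prerequisites`. Any task it flags is one whose hosts will keep showing stale versions in a CVE scan until the config is changed to Full & Fast (or Discovery), ‘Add results to Assets’ is set to Yes, and the task is run again.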