Any ideas? Is this a false positive on a pci scan:

The remote web server hosts CGI scripts that fail to adequately sanitize request strings. They seem to be vulnerable to a 'format string' attack. By leveraging this issue, an attacker may be able to execute arbitrary code on the remote host subject to the privileges under which the web server operates.

Please inspect the results as this script is prone to false positives.


Solution:
Restrict access to the vulnerable application / scripts. And contact the vendor for a patch or upgrade.


CVSS Information:
Low Attack Complexity, Partial Confidentiality Impact, Partial Integrity Impact, Partial Availability Impact


Additional References:
http://en.wikipedia.org/wiki/Format_string_attack


Information from Target:
Using the GET HTTP method, Nessus found that :

+ The following resources may be vulnerable to format string :

/shop/pages/wholesale-clubs-group-buys-1.html?zenid=%08x