How do I fix this Trustwave complaint on Mantis?

UlfDunkel
Posts: 14
Joined: 20 Feb 2007, 09:58

How do I fix this Trustwave complaint on Mantis?

Post by UlfDunkel »

I run Mantis (v1.2.8, Schema 183) on a website which is scanned regularly by Trustwave for security reasons related to credit card handling. Every time, the scan fails because of this issue:
Virtual Hosts: http://www.dsd.net
Session Cookie: MANTIS_secure_session
URL: /bugs/login.php

Details:
Ruby on Rails Session Fixation Vulnerability

Severity: Medium
PCI Status: Fail
CVE: CVE-2007-5380, CVE-2007-6007

Description:
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."

Remediation:
Upgrade to Ruby on Rails version 1.2.6 or newer and set 'config.action_controller.session_options[:cookie_only]' to 'true' in the 'config/environment.rb' file (if it is not already).
When I check my server for Ruby on Rails, it tells me this:
# ruby --version
ruby 1.9.2p290 (2011-07-09 revision 32553) [x86_64-linux]
# rails --version
The program 'rails' is currently not installed. You can install it by typing:
apt-get install rails
I wonder if this scan issue report is bullshit, or if I have to install Rails at all?
In fact, Mantis has worked without any (other) issues on my server for years.

Can some Mantis nerd give me any hint on these questions?
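The finding quoted in the post names Rails CVEs, but what a PCI scanner typically probes for under a "session fixation" signature is framework-independent: will the application adopt a session ID the client supplies (in the URL or in a cookie) and keep that same ID after a successful login? The script below is an added example, not code from this thread or from MantisBT. It models a login endpoint both ways in Python so the probe can be run offline; the application classes, the user name and the password are constructed for illustration, and the PHP settings named in the comments (`session.use_only_cookies`, `session.use_trans_sid`, `session_regenerate_id()`) are the PHP-side equivalents of the Rails `:cookie_only` option the report recommends.

```python
"""Session-fixation probe against a simulated login endpoint.

Added example, not code from the forum thread or from MantisBT. The
application classes, the user name and the password are constructed for
illustration; only the cookie name (MANTIS_secure_session) comes from
the scan report.
"""
import secrets
from dataclasses import dataclass
from typing import Optional

USER, PASSWORD = "alice", "correct horse battery staple"   # constructed


@dataclass
class Response:
    status: int
    set_cookie: str        # value the server sends in MANTIS_secure_session
    authenticated: bool


class VulnerableApp:
    """Behaves like PHP with session.use_trans_sid=1 / use_only_cookies=0
    and no session_regenerate_id() at login: any id the client presents
    (URL or cookie) is adopted, and it is unchanged after authentication."""

    def __init__(self) -> None:
        self.sessions: dict = {}

    def login(self, cookie_sid=None, url_sid=None,
              username=None, password=None) -> Response:
        sid = cookie_sid or url_sid or secrets.token_hex(16)
        self.sessions.setdefault(sid, {})        # adopts a client-chosen id
        if username == USER and password == PASSWORD:
            self.sessions[sid]["user"] = USER     # same id after login: fixation
            return Response(302, sid, True)
        return Response(401, sid, False)

    def whoami(self, sid: str) -> Optional[str]:
        return self.sessions.get(sid, {}).get("user")


class HardenedApp(VulnerableApp):
    """Equivalent of session.use_only_cookies=1, session.use_trans_sid=0
    and session_regenerate_id(true) on successful login."""

    def login(self, cookie_sid=None, url_sid=None,
              username=None, password=None) -> Response:
        # url_sid is deliberately ignored (use_only_cookies); an unknown
        # cookie id is never adopted, the server mints its own instead.
        sid = cookie_sid if cookie_sid in self.sessions else secrets.token_hex(16)
        self.sessions.setdefault(sid, {})
        if username == USER and password == PASSWORD:
            data = self.sessions.pop(sid)         # regenerate on privilege change
            sid = secrets.token_hex(16)
            data["user"] = USER
            self.sessions[sid] = data
            return Response(302, sid, True)
        return Response(401, sid, False)


def fixation_probe(make_app) -> dict:
    """What a scanner checks, independent of framework: plant an
    attacker-chosen id via the URL and via the cookie, let the victim log
    in, then see whether the planted id now maps to the victim's
    authenticated session and whether the server changed the id at login."""
    planted = "f" * 32

    app = make_app()
    app.login(url_sid=planted, username=USER, password=PASSWORD)
    via_url = app.whoami(planted) == USER

    app = make_app()
    r = app.login(cookie_sid=planted, username=USER, password=PASSWORD)
    via_cookie = app.whoami(planted) == USER

    return {
        "url_fixation": via_url,
        "cookie_fixation": via_cookie,
        "id_regenerated_on_login": r.set_cookie != planted,
    }


if __name__ == "__main__":
    for app_cls in (VulnerableApp, HardenedApp):
        print(app_cls.__name__, fixation_probe(app_cls))
```

The same two requests can be replayed by hand against a real login page (send a made-up session ID as a query parameter and as the session cookie, log in, and compare the ID the server returns) to establish whether a finding like this is a false positive before disputing it; if the ID survives login, the fix on a PHP host is in php.ini or the application's session setup rather than in Rails.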
Lapinkiller
Posts: 408
Joined: 28 Jan 2011, 18:47
Location: France

Re: How do I fix this Trustwave complaint on Mantis?

Post by Lapinkiller »

Hello,

It's very strange, because Mantis doesn't use Ruby on Rails...

Maybe a bug in Trustwave
Lapinkiller,
French PHP developer
New look for your mantis : http://www.mantisbt.org/forums/viewtopi ... =4&t=20055
UlfDunkel
Posts: 14
Joined: 20 Feb 2007, 09:58

Re: How do I fix this Trustwave complaint on Mantis?

Post by UlfDunkel »

I have opened a dispute on Trustwave's scan report and marked this issue to be "false positive". Still waiting for their reply. :(