The best thing for you to do on a suspected False Positive is to open up an SR so we can really investigate the issue.
I think this vulneability is False positive.
I have experience like that situation.
We are doing checking all about finger and CGI, but there isn't have any service.
After a month. FSL update list have this vul some change. (MArch/30/2011)
Risk Level is going down 10 to 3. So now "finger CGi vuln" is Low revel risk vuln.