Hello,
I'm guessing you're talking about http://www-01.ibm.com/support/docview.wss?uid=swg21659226 and with 3.1 you're talking about the latest version of 3.1s i.e. 3.1.8.
Would you share the exact pattern (i.e. the URLs) used by the tool to mark those two PHP pages "vulnerable"?
TIA,
Matteo