Fix handling of numerical versions

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java

@@ -234,6 +234,13 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
         if (str == null || str.isEmpty()) {
             return false;
         }
+
+        // numbers/versions with leading zeros should not be treated as numbers
+        // (e.g. when comparing "01" <-> "1")
+        if (str.charAt(0) == '0') {
+            return false;
+        }
+
         for (int i = 0; i < str.length(); i++) {
             final char c = str.charAt(i);
             if (c < '0' || c > '9') {

dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java

@@ -125,6 +125,10 @@ public class VulnerableSoftwareTest extends BaseTest {
         vs1.setCpe("cpe:/a:hp:system_management_homepage:2.1.10-186");
         assertTrue(vs.compareTo(vs1) < 0);
         //assertTrue(vs1.compareTo(vs)>0);
+
+        vs.setCpe("cpe:/a:ibm:security_guardium_database_activity_monitor:10.01");
+        vs1.setCpe("cpe:/a:ibm:security_guardium_database_activity_monitor:10.1");
+        assertTrue(vs.compareTo(vs1) < 0);
     }
 
     @Test