https://bugzilla.redhat.com/show_bug.cgi?id=1798509
--- Comment #35 from Jonathan Christison jochrist@redhat.com --- Marking Red Hat Jboss Fuse 6 as having a moderate impact, Fuse 6 distributes affected versions of Netty, however its use in Fuse 6 fabric-gateway is not susceptible to the vulnerability as the fabric-gateway will create a new http client upon each gateway invocation, this means there is no multiplexing of connections, this is a prerequisite of HTTP smuggling/desynchronisation attacks.
This vulnerability is out of security support scope for the following products: * Red Hat JBoss Fuse 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.