https://bugzilla.redhat.com/show_bug.cgi?id=1857040
--- Comment #13 from Cedric Buissart 🐶 cbuissar@redhat.com --- Statement:
Red Hat Certificate System 10.0 as well as Red Hat Enterprise Linux 8's Identity Management, are using a vulnerable version of Tomcat, bundled into the pki-servlet-engine component. However, HTTP/2 is not enabled in such a configuration, and thus it is not possible to trigger the flaw in a supported setup. A future update may fix the code.