https://bugzilla.redhat.com/show_bug.cgi?id=1806835
--- Comment #15 from Yadnyawalk Tale ytale@redhat.com --- Statement:
OpenDaylight in Red Hat OpenStack 10 & 13 was in technical preview status, because of this no fixes will be released for it.
In Red Hat Satellite 6, Candlepin is using Tomcat to provide a REST API, and has been found to be vulnerable to the flaw. However, it is currently believed that no useful attacks can be carried over.