Is the solution applied in Quarkus?
Solution: https://access.redhat.com/solutions/4851251
Problem: https://its.ny.gov/security-advisory/multiple-vulnerabilities-red-hat
We don't use/expose AJP in Quarkus so you're safe on this side.