Bug
Resolution: Done
Major
6.15.4.2, 6.16.0.1, 6.14.4
Description of problem:
On any RHEL 8.10 based installation of Red Hat Satellite 6, we can observe both the pki-servlet-engine and tomcat packages installed, and they are still considered dependencies of candlepin.
The pki-servlet-engine does not contain any files or scriptlets in it but still cannot be removed.
The mere presence of this package, pki-servlet-engine, marks RH Satellite installations as affected by several tomcat\pki-servlet-engine CVEs which were already resolved by the latest tomcat package.
We don't see it happening for Satellite 6.16 installed on RHEL 9.
How reproducible:
Always
Is this issue a regression from an earlier version:
Kind of
Steps to Reproduce:
1. Install a Satellite 6.13\6.14\6.15\6.16 on RHEL 8.10 (I did on 6.16)
2. Check the installed packages i.e. tomcat and pki-servlet-engine
3. Try to remove pki-servlet-engine
Actual behavior:
# rpm -q pki-servlet-engine tomcat
pki-servlet-engine-9.0.62-1.module+el8.10.0+21257+2b5308b5.noarch
tomcat-9.0.87-1.el8_10.2.noarch
# rpm -ql pki-servlet-engine
(contains no files)
# dnf remove pki-servlet-engine
Error:
 Problem: The operation would result in removing the following protected packages: satellite
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
Expected behavior:
The package pki-servlet-engine should not be installed or can be gracefully removed if not needed.
The behavior should be fixed in 6.16.z, 6.15.z (and if possible 6.14.z as well), running on RHEL 8.
Business Impact / Additional info:
Shows several Important CVEs as affected while they are actually not
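
A triage helper for scanner findings like the one described above, added here as an example and not part of the original report or of Satellite: for each named package it reports whether the installed RPM ships any files and which installed packages still require it, and it works for any package list, not only the two named here. The function names (`rpm_cmd`, `payload_state`, `required_by`, `triage`) are hypothetical; the `rpm -q`, `rpm -ql` and `rpm -q --whatrequires` queries are standard rpm.

```shell
#!/bin/sh
# Added example: triage scanner findings on packages that may ship no files.
# rpm_cmd is a hypothetical wrapper so the rpm calls can be stubbed offline.
rpm_cmd() { rpm "$@"; }

# Prints "installed-empty", "installed-with-files" or "not-installed".
payload_state() {
    pkg=$1
    rpm_cmd -q "$pkg" >/dev/null 2>&1 || { echo not-installed; return 0; }
    files=$(rpm_cmd -ql "$pkg" 2>/dev/null)
    case $files in
        # rpm prints this literal line when the package owns no files
        ''|'(contains no files)') echo installed-empty ;;
        *) echo installed-with-files ;;
    esac
}

# Prints the installed packages that require the given package, one per line.
required_by() {
    rpm_cmd -q --whatrequires "$1" 2>/dev/null \
        | grep -v '^no package requires' || true
}

# One report line per package: name, payload state, and remaining dependents.
triage() {
    for pkg in "$@"; do
        state=$(payload_state "$pkg")
        deps=$(required_by "$pkg" | tr '\n' ' ' | sed 's/ *$//')
        echo "$pkg state=$state required_by=${deps:-none}"
    done
}

# Typical call on the affected host:
#   triage pki-servlet-engine tomcat
```

A line reporting `state=installed-empty` together with a non-empty `required_by` list matches the situation in this report: the package is flagged by name and version while owning no files, and a dependency keeps it installed.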