resteasy-yaml-provider is marked as unsupported here. Marking EAP 7 as not affected
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/paged/7.0.0_release_notes/release_notes_unsupported_and_deprecated_functionality

Mitigation:

If the YamlProvider is enabled it's recommended to add authentication, and authorization to the endpoint expecting Yaml content to prevent exploitation of this vulnerability.

This won't be fixed in JBoss EAP 6.4, or 7.1 as the YamlProvider in RESTEasy is unsupported.

Acknowledgments:

Name: Rui Chong (Baidu)

Created resteasy tracking bugs for this issue:

Affects: fedora-all [bug 1539175]

Statement:

This issue only affects applications which have the YamlProvider explicitly enabled by adding or appending a file with the name 'META-INF/services/javax.ws.rs.ext.Providers' to your WAR, or JAR with the contents 'org.jboss.resteasy.plugins.providers.YamlProvider'

resteasy-base as shipped in Red Hat Enterprise Linux 7 does not include YamlProvider.

Red Hat Subscription Asset Manager version 1 is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates.

This issue affects the versions of resteasy as shipped with Red Hat Satellite version 6, however Satellite version 6 does not use the affected functionality. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue.

For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.