We have an on-premise vulnerability scanner, and it is catching the Foreman servers for having MultiViews enabled.
The supposed vulnerability is here:
MultiView is explicitly enabled by pulpcore:
/etc/httpd/conf.d/10-rhsm-pulpcore-https-443.conf
/etc/httpd/conf.d/10-rhsm-pulpcore-https-8443.conf
Question: can MultiViews be disabled without affecting Foreman/Katello operations?
You might want to check back with your vulnerability scanner if that thing is properly working.
The vulnerability you linked is a CVE from 2001 and according to the info present there, only present in Apache 1.X versions. Every even remotely modern distro (and definetly every distro that supports running Foreman/Katello on it) uses Apache 2.4 nowadays, so that “finding” is definitely a false-positive.
I cannot tell you if disabling MultiViews would be possible (I guess no), but I would also advise to not act on false positive findings by any scanner.