29 matches found

IBM Security Bulletins
added 2026/03/27 12:47 a.m. | 6 views

Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the Eclipse Jetty web server library that could lead to request data corruption or leakage between sessions (CVE-2024-13009).

Summary IBM Storage Protect Server uses the Eclipse Jetty web server library in certain components. Jetty is vulnerable to improper handling of malformed gzip requests, which may lead to request data corruption or inadvertent leakage of request data between sessions under certain conditio...

CVSS 7.2 | AI score 7.1 | EPSS 0.00554
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/01/28 3:35 p.m. | 15 views

Security Bulletin: User Entity Behavior Analytics App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. User Entity Behavior Analytics App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-12758 DESCRIPTION: Versions of t...

CVSS 8.7 | AI score 6.2 | EPSS 0.01214
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
added 2025/11/27 1:15 p.m. | 5 views

Security Bulletin: Vulnerabilities in Eclipse affect Tivoli Netcool/OMNIbus. (CVE-2024-13009, CVE-2024-47554)

Summary There are vulnerabilities in the MIB Manager application that is part of Tivoli Netcool/OMNIbus. Vulnerability Details CVEID:CVE-2024-13009 DESCRIPTION: In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a reques...

CVSS 7.2 | AI score 6.8 | EPSS 0.00554
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/11/12 9:50 a.m. | 4 views

Security Bulletin: Due to use of jetty-server IBM webMethods BPM is vulnerable to corrupted and/or inadvertent sharing of data between requests

Summary IBM webMethods BPM is using jetty-server which is affected by a known vulnerability CVE-2024-13009. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-13009 DESCRIPTION: In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be...

CVSS 7.2 | AI score 6.8 | EPSS 0.00554
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/09/22 1:18 p.m. | 2 views

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Eclipse Jetty has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...

CVSS 7.2 | AI score 6.8 | EPSS 0.00554
Exploits: 0 | Affected Software: 2

Tenable Nessus
added 2025/09/10 12:00 a.m. | 2 views

RHEL 8 : Satellite 6.15.5.4 Async Update (Important) (RHSA-2025:15643)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:15643 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide...

CVSS 7.2 | AI score 7 | EPSS 0.00554
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/06 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-13009

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result ...

CVSS 7.2 | AI score 7.1 | EPSS 0.00554
Exploits: 0 | References: 2

Tenable Nessus
added 2025/07/07 12:00 a.m. | 6 views

TencentOS Server 4: jetty (TSSA-2025:0390)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0390 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 7.5 | AI score 7.5 | EPSS 0.01797
Exploits: 1 | References: 5

IBM Security Bulletins
added 2025/06/18 7:45 p.m. | 4 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Improper Resource Shutdown or Release in Eclipse Jetty (CVE-2024-13009)

Summary Eclipse Jetty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD. CVE-2024-13009 Vulnerability Details CVEID:CVE-2024-13009 DESCRIPTION: In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. Thi...

CVSS 7.2 | AI score 6.9 | EPSS 0.00554
Exploits: 0 | Affected Software: 1

OpenVAS
added 2025/06/02 12:00 a.m. | 6 views

openSUSE Security Advisory (SUSE-SU-2025:01738-1)

The remote host is missing an update for the...

CVSS 7.2 | AI score 6.8 | EPSS 0.01189
Exploits: 1 | References: 5

Tenable Nessus
added 2025/05/30 12:00 a.m. | 7 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : jetty-minimal (SUSE-SU-2025:01738-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01738-1 advisory. Upgrade to version 9.4.57.v20241219 - CVE-2024-6763: the HttpURI class does insufficient...

CVSS 7.2 | AI score 6.8 | EPSS 0.01189
Exploits: 1 | References: 7

OPENSUSE Linux
added 2025/05/27 12:00 a.m. | 4 views

jetty-annotations-9.4.57-1.1 on GA media (moderate)

jetty-annotations-9.4.57-1.1 on GA media Announcement ID: openSUSE-SU-2025:15160-1 Rating: moderate Cross-References: CVE-2024-13009 CVE-2024-6763 CVSS scores: CVE-2024-13009 SUSE : 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVE-2024-6763 SUSE : 4.8...

CVSS 7.2 | AI score 7.4 | EPSS 0.01189
Exploits: 1

SUSE CVE
added 2025/05/17 3:48 a.m. | 1 view

SUSE CVE-2024-13009

In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests...

CVSS 7.2 | AI score 6.9 | EPSS 0.00554
Exploits: 0 | References: 5

OpenVAS
added 2025/05/15 12:00 a.m. | 9 views

Eclipse Jetty Information Disclosure Vulnerability (GHSA-q4rv-gq96-w7c5) - Windows

Eclipse Jetty is prone to an information disclosure vulnerability. CPE = "cpe:/a:eclipse:jetty"...

CVSS 7.2 | AI score 6.9 | EPSS 0.00554
Exploits: 0 | References: 2

Chainguard
added 2025/05/09 7:14 p.m. | 16 views

CVE-2024-13009 vulnerabilities

Vulnerabilities for packages: cassandra-reaper, webswing...

CVSS 7.2 | AI score 6.9 | EPSS 0.00554
Exploits: 0

Wolfi
added 2025/05/09 1:45 p.m. | 16 views

CVE-2024-13009 vulnerabilities

Vulnerabilities for packages: cassandra-reaper...

CVSS 7.2 | AI score 7.2 | EPSS 0.00554
Exploits: 0

OSV
added 2025/05/08 6:15 p.m. | 5 views

CVE-2024-13009

In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests...

CVSS 7.2 | AI score 6.8
Exploits: 0 | References: 2

UbuntuCve
added 2025/05/08 6:15 p.m. | 7 views

CVE-2024-13009

In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests...

CVSS 7.2 | AI score 7 | EPSS 0.00554
Exploits: 0 | References: 3

Cvelist
added 2025/05/08 5:29 p.m. | 20 views

CVE-2024-13009 Eclipse Jetty GZIP buffer release

In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests...

CVSS 7.2 | EPSS 0.00554
Exploits: 0 | References: 2

CVE
added 2025/05/08 5:29 p.m. | 276 views

CVE-2024-13009

CVE-2024-13009 (Jetty) affects Jetty 9.4.0–9.4.56 where a gzip error during inflating a request body can cause a buffer to be released incorrectly, potentially corrupting or sharing data between requests. Public IBM bulletins tie this CVE to IBM QRadar SIEM, IBM Storage Scale, and Tivoli Netcool/...

CVSS 7.2 | AI score 7 | EPSS 0.00554
Exploits: 0 | References: 2 | Affected Software: 1