IBM i Host Header Injection Vulnerability in Navigator for i

Vulnerability

A host header injection vulnerability has been identified in IBM i versions 7.3, 7.4, 7.5, and 7.6. This vulnerability arises from improper neutralization of HTTP header content by IBM Navigator for i, allowing authenticated users to manipulate the host header in HTTP requests. This manipulation can change the domain or IP address, potentially leading to unexpected behavior.

Impact

Successful exploitation lets an authenticated user manipulate the host header in HTTP requests handled by IBM Navigator for i. This could lead to unexpected behavior on the server.

Remediation

Users can apply a PTF to IBM i to address this vulnerability. The PTF numbers for the fixed version are SJ04647 for 7.6, SJ03406 for 7.5, SJ03404 for 7.4, and SJ03402 for 7.3. These PTFs can be downloaded from the IBM My Support portal.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.