CVE 2009-0164
The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.
See the
CVE page on Mitre.org
for more details.