A security vulnerability

Remember the mandatory Host: header of HTTP/1.1. This is where this vulnerability is on a certain web application framework.