CVE-2009-0164
The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.
Date published : 2009-04-24
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html