8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header.
https://exchange.xforce.ibmcloud.com/vulnerabilities/44238
http://www.securityfocus.com/archive/1/495117/100/0/threaded