It's possible tyo bypass protection (register_globals = on for example) of virtual host by requestin host without protection in same HTTP keep-alive connection before.
vulners.com/securityvulns/securityvulns:doc:5735