HTTP Host header can be used to attack websites that use the value of HTTP host header without validating it which will allow user to inject payload which can change the server's behaviour. Note that the host header can be easily modfied by proxies. 

Typically a webapplication may use HTTP host header for generating absolute url.

HTTP Host header attack can be used for

How to prevent HTTP host header attack

Read more