HTTP/1.1 Must Die: Why This 6-Year-Old Vulnerability Is Still a Major Threat