Автор оригинала: David Wong.
описание проблемы
Detection of Http Host Header Attack Vulnerability in Target URL
When Apache does not set ServerName, the value of $_SERVER['SERVER_NAME'] receives the value sent by the client, which can exploit the vulnerability to attack the server.
Условия урегулирования
Apache has been validated and the method is feasible. Please modify other server software by yourself.
Апач
ServerName needs to be specified in the Apache configuration file and UseCanonical Name set to On;
Nginx Tomcate repair method refers to https://www.freebuf.com/articles/web/178315.html