Stack Trace Disclosure (Django)
Summary
Invicti identified a stack trace disclosure (Django) in the target web server's HTTP response.
Impact
An attacker can obtain information such as:
- Exact Django & Python version.
- Database type, database user name, and current database name.
- Details of the Django project configuration.
- Internal file paths.
- Exception-generated source code, local variables and their values.
Remediation
Apply the following change to your Django settings file to prevent this problem: set the DEBUG option to False.
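To confirm the change took effect, an error response can be checked for the items listed under Impact. The following is an added example, not Invicti's or Django's own code; the marker patterns are assumptions based on the stock debug page layout, and both sample bodies are constructed.

```python
import re

# Markers of Django's DEBUG=True error page, keyed by what each one leaks.
# The patterns are assumptions based on the stock debug page layout.
MARKERS = {
    "debug_banner": re.compile(r"DEBUG\s*=\s*True"),
    "django_version": re.compile(r"Django Version:\s*(?:<[^>]+>\s*)*([\d.]+)"),
    "python_version": re.compile(r"Python Version:\s*(?:<[^>]+>\s*)*([\d.]+)"),
    "file_path": re.compile(r"(/[\w.\-/]+\.py)"),
}

# Constructed sample: excerpt shaped like a debug error page (values invented).
DEBUG_PAGE = """<h1>ZeroDivisionError at /cart/</h1>
<tr><th>Django Version:</th>
  <td>4.2.1</td></tr>
<tr><th>Python Version:</th>
  <td>3.11.4</td></tr>
<code>/srv/app/shop/views.py</code>, line 42, in cart
<p>You're seeing this error because you have <code>DEBUG = True</code> in your
Django settings file.</p>"""

# Constructed sample: generic error page served when DEBUG is False.
GENERIC_500 = "<html><body><h1>Server Error (500)</h1></body></html>"


def audit_error_page(body):
    """Return {marker name: first leaked value} found in a response body."""
    findings = {}
    for name, pattern in MARKERS.items():
        match = pattern.search(body)
        if match:
            findings[name] = match.group(1) if pattern.groups else match.group(0)
    return findings


def discloses_stack_trace(body):
    """True if the body carries the debug banner or two or more other markers."""
    findings = audit_error_page(body)
    return "debug_banner" in findings or len(findings) >= 2


if __name__ == "__main__":
    for label, body in (("debug page", DEBUG_PAGE), ("generic 500", GENERIC_500)):
        print(label, discloses_stack_trace(body), audit_error_page(body))
```

Run it against the body of an error response from your own deployment after setting DEBUG to False; an empty result means none of these markers are present.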