Information Medium Vega has detected content that matches the verbose Django error output. The Django error output includes sensitive information that could increase the likelihood of other attacks. Disclosure of absolute system paths and filesystem layout. Disclosure of system configuration settings and software versions. Disclosure of database configuration settings. The application error itself may suggest a security vulnerability. Verbose debug / error output should not be sent to remote clients on production systems. This can be disabled (and it is recommended to do so) by assigning the boolean DEBUG setting to False. This should be done in the settings file (e.g. settings.py). Users deploying with Apache and mod_python should also have PythonDebug Off in the Apache configuration files. The developers should investigate why the error occurred and whether or not there are security implications. Vega has detected content that matches the verbose error data output by servers running Django with the Django DEBUG setting set to True. The information in this output is sensitive: it includes absolute system paths, system configuration settings, information about the application code structure, system patchlevels, and database configuration. For production servers, it is strongly recommended that the DEBUG setting, a boolean value in the settings file, be set to False. The information obtained from this error page could increase the likelihood of success of another attack. Finally, the error itself should be investigated for security implications. Chapter 20: Security (Django Book) Django Settings (Django documentation) Information Leakage (OWASP) Information Leakage (WASC)