Adobe Dreamweaver dwsync.xml Remote Information Disclosure

medium Nessus Plugin ID 33926


The remote web server discloses the location of files and directories.


Adobe's Dreamweaver is known to produce 'dwsync.xml' files. These contain synchronization information that may include the list of files and directories synchronised. This can lead to information disclosure.


Disable the 'Maintain synchronization information' option from the Remote Info category of the advanced view of the Site Definition dialog box. In addition, remove the offending files if already created by the system.

Plugin Details

Severity: Medium

ID: 33926

File Name: dwsync.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 8/18/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N


Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:T/RC:X

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning