Adobe Dreamweaver dwsync.xml Remote Information Disclosure

medium Nessus Plugin ID 33926

Synopsis

The remote web server discloses the location of files and directories.

Description

Adobe's Dreamweaver is known to produce 'dwsync.xml' files. These contain synchronization information that may include the list of files and directories synchronised. This can lead to information disclosure.

Solution

Disable the 'Maintain synchronization information' option from the Remote Info category of the advanced view of the Site Definition dialog box. In addition, remove the offending files if already created by the system.

Plugin Details

Severity: Medium

ID: 33926

File Name: dwsync.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 8/18/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.3

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:F/RL:TF/RC:ND

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: E:F/RL:T/RC:X

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning