[原文]Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
Novell NetWare NDS ndsobj.nlm Information Disclosure
Loss of Confidentiality
Novell web services contain a flaw that allows a remote attacker to enumerate sensitive information such as user names, group names, and other system information. The issue is due to the presence of the "ndsobj.nlm" file and NDS browsing being enabled.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Remove [Public] read access from the root of the NDS tree(s), which will keep everyone, including internal non-authenticated users from browsing your internal tree.