The Telnet protocol allows servers to obtain sensitive
environment information from clients.
It's not always clear whether an information exposure is intentional or
not. For example, CVE-2005-3261 identifies a PHP script that lists file
versions, but it could be that the developer did not intend for this
information to be public and instead introduced a direct request issue.
This overlaps other categories because some functionality might be intended by the developer, but is considered a weakness by the user or system administrator. In most cases, it is distinct from CWE-209: Information Exposure Through an Error Message because CWE-209 is often unintended.
In vulnerability theory terms, this covers cases in which the developer's
Intended Policy allows the information to be made available, but the
information might be in violation of a Universal Policy in which the
product's administrator should have control over which information is
considered sensitive and therefore should not be exposed.
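
An added example (not part of the original entry) of the distinction drawn above: a client feature that by design answers a peer's request for environment variables, next to the same feature gated by an administrator-set allowlist. The function names, the sample environment and the "empty request means send everything" convention are assumptions made for illustration.

```python
import fnmatch

# Constructed sample client environment (not taken from any real system).
SAMPLE_ENV = {
    "TERM": "xterm-256color",
    "LANG": "en_US.UTF-8",
    "USER": "alice",
    "HOME": "/home/alice",
    "AWS_SECRET_ACCESS_KEY": "constructed-example-value",
}


def developer_policy(requested, env):
    """Intended Policy as shipped: answer whatever the peer asks for.

    Assumption: an empty request means 'send everything you have'.
    """
    names = requested or list(env)
    return {name: env[name] for name in names if name in env}


def admin_policy(requested, env, allow_patterns):
    """Same feature, but the administrator decides what counts as sensitive.

    Default is deny: with no allow patterns, nothing is released.
    Returns (released, withheld) so refused requests can be logged.
    """
    candidate = developer_policy(requested, env)
    released, withheld = {}, []
    for name, value in candidate.items():
        if any(fnmatch.fnmatchcase(name, pat) for pat in allow_patterns):
            released[name] = value
        else:
            withheld.append(name)  # peer asked for it, policy refused
    return released, sorted(withheld)


if __name__ == "__main__":
    print("developer:", sorted(developer_policy([], SAMPLE_ENV)))
    released, withheld = admin_policy([], SAMPLE_ENV, ["TERM", "LANG", "LC_*"])
    print("admin released:", sorted(released), "withheld:", withheld)
```

The withheld list is what a defender would log: it records that a peer asked for values the local policy treats as sensitive.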