Telnet protocol allows servers to obtain sensitive
environment information from clients.
This overlaps other categories, but it is distinct from the error message
It's not always clear whether an infoleak is intentional or not. For
example, CVE-2005-3261 identifies a PHP script that lists file versions, but
it could be that the developer did not intend for this information to be
public, but introduced a direct request issue instead.
In vulnerability theory terms, this covers cases in which the developer's
Intended Policy allows the information to be made available, but the
information might be in violation of a Universal Policy in which the
product's administrator should have control over which