- Bug
- Resolution: Duplicate
- Low
Ideally, with anonymous access disabled, unauthenticated users are not able to get any information from Confluence (e.g. space names, pages, version).
Though, if anonymous access is disabled and an invalid URL is entered (e.g. http://<host-name>/invalidurl), a redirection happens to an error page. The error page displays, in the lower right corner, a list of space names which are visible to ALL users or with no permissions assigned to them (e.g. please review the attached screenshot).
This information should not be made visible or available to unauthenticated users. Instead, a check should be performed before directing the user to the "Error Page" to ensure the user is authenticated, and if the user is not authenticated, then a redirection to the login page must happen.
- duplicates
  - CONFSERVER-9194 404 page can leak information when global anonymous access is disabled
  - Closed
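A regression check for the behaviour requested in the report above, added here as an example; it is not part of the original report or of Confluence's code. It evaluates the response to an unauthenticated request for an invalid URL against a list of space names the administrator already knows. The `Response` type, the `/login.action` login path, and the sample responses and space names are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)


@dataclass
class Response:
    """Minimal stand-in for a captured HTTP response (constructed type)."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def check_error_page(resp, space_names, login_path="/login.action"):
    """Return findings for an unauthenticated request to an invalid URL.

    An empty list means the response matches what the report asks for:
    a redirect to the login page and no space names in the body.
    login_path is an assumption; set it to the instance's real login URL path.
    """
    findings = []
    body = resp.body.lower()
    # Very short space names can match unrelated words; review hits manually.
    leaked = sorted(n for n in space_names if n.lower() in body)
    if leaked:
        findings.append("space names in body: " + ", ".join(leaked))
    location = resp.headers.get("Location", "")
    to_login = urlsplit(location).path.endswith(login_path)
    if not (resp.status in REDIRECT_CODES and to_login):
        findings.append(f"status {resp.status} is not a redirect to {login_path}")
    return findings


# Constructed sample data, not taken from a real instance.
SPACES = ["HR Policies", "Engineering", "Finance"]
LEAKY = Response(404, {}, "<h1>Page Not Found</h1>"
                 "<ul><li>Engineering</li><li>HR Policies</li></ul>")
FIXED = Response(302, {"Location":
                 "http://confluence.example/login.action?os_destination=%2Finvalidurl"})

if __name__ == "__main__":
    for name, resp in (("leaky", LEAKY), ("fixed", FIXED)):
        print(name, check_error_page(resp, SPACES) or "OK")
```
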