Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508. (CVE-2016-3500)
Impact
An attacker that uses specially crafted XML files can cause a Java application, using JAXP, to consume excessive amounts of memory and CPU time when parsed if the system is configured to load and process XML documents from untrusted sources.