Uncontrolled Resource Consumption
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 188.8.131.52.0, 184.108.40.206, and 220.127.116.11 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.
CWE-400 - Uncontrolled resource consumption
An uncontrolled resource allocation attack (also known as resource exhaustion attack) triggers unauthorized overconsumption of the limited resources in an application, such as memory, file system storage, database connection pool entries, and CPU. This may lead to denial of service for valid users and degradation of the application's functionality as well as that of the host operating system.
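One mitigation for the parser.c behaviour described above is to screen documents before they reach an unpatched libxml2 consumer. The following is an added example, not code from libxml2 or from this advisory: it uses Python's bundled expat to read only the XML prolog, and rejects any document that declares an external parameter entity or carries a DOCTYPE at all. The names `inspect_prolog` and `gate` and the sample documents are assumptions made for illustration.

```python
import xml.parsers.expat as expat

class _PrologDone(Exception):
    """Internal signal: the prolog has been read, stop parsing."""

def inspect_prolog(xml_bytes):
    """Read only the prolog; return (has_doctype, [(pe_name, system_id), ...])."""
    state = {"doctype": False, "external_pe": []}

    def on_doctype(name, system_id, public_id, has_internal_subset):
        state["doctype"] = True
    def on_entity_decl(name, is_pe, value, base, system_id, public_id, notation):
        # An external entity has no literal value, only a SYSTEM/PUBLIC identifier.
        if is_pe and value is None:
            state["external_pe"].append((name, system_id))
    def stop(*_args):
        raise _PrologDone()

    parser = expat.ParserCreate()
    # The gate itself must never fetch or expand parameter entities.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.EndDoctypeDeclHandler = stop   # DTD fully seen
    parser.StartElementHandler = stop     # no DTD: root element reached
    try:
        parser.Parse(xml_bytes, True)
    except _PrologDone:
        pass
    return state["doctype"], state["external_pe"]

def gate(xml_bytes):
    """Return (allowed, reason). Fails closed on any DOCTYPE or parse error."""
    try:
        has_doctype, external_pe = inspect_prolog(xml_bytes)
    except expat.ExpatError as exc:
        return False, f"malformed XML: {exc}"
    if external_pe:
        return False, f"external parameter entity declared: {external_pe}"
    if has_doctype:
        # expat stops reporting declarations after an unexpanded %ref; so a
        # DOCTYPE with no visible external PE is still rejected.
        return False, "DOCTYPE present"
    return True, "no DTD"

# Constructed sample inputs (not taken from any real incident).
PLAIN = b"<order><id>1</id></order>"
WITH_PE = (b'<!DOCTYPE order [<!ENTITY % ext SYSTEM '
           b'"http://example.invalid/ext.dtd"> %ext;]><order/>')
```

The reason string returned by `gate` can be logged alongside the request source, which gives a detection signal for documents that attempt to declare external parameter entities.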