DROWN, the latest in a series of SSL/TLS-related security vulnerabilities, was revealed a week ago. It can be exploited to intercept, decrypt, access and modify encrypted data even when it’s sent via TLS (the newer and more secure version of SSL), if there is a server with SSL v2 enabled that uses the same private key.
Updates were released to address the vulnerability in OpenSSL, but a scan of servers conducted this week showed that most of the cloud services that are affected by this vulnerability still had not fixed the problem. Ouch.
Read more here:
http://www.securityweek.com/drown-vulnerability-still-unpatched-most-cloud-services
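
An added example, not part of the original article: because a TLS-only service is still exposed when an SSL v2-enabled server uses the same private key, a patch check has to compare keys across services rather than look at each host alone. The inventory format, hostnames and key fingerprints below are constructed assumptions; fill the list from your own scan results.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical hosts and fingerprints):
# (service, fingerprint of the server's public key, protocols it accepts)
INVENTORY = [
    ("www.example.test:443",  "aa11", {"TLSv1.2"}),
    ("mail.example.test:25",  "aa11", {"SSLv2", "TLSv1.0"}),
    ("api.example.test:443",  "bb22", {"TLSv1.2"}),
    ("old.example.test:443",  "cc33", {"SSLv2", "SSLv3"}),
    ("shop.example.test:443", "cc33", {"TLSv1.1", "TLSv1.2"}),
]


def drown_exposure(inventory):
    """Return {service: [SSLv2 services sharing its key]} for exposed services.

    A service is exposed if any service using the same key pair accepts
    SSLv2, even when the service itself only speaks TLS.
    """
    by_key = defaultdict(list)
    for service, key_fp, protocols in inventory:
        by_key[key_fp].append((service, protocols))

    exposed = {}
    for services in by_key.values():
        sslv2_services = sorted(s for s, p in services if "SSLv2" in p)
        if not sslv2_services:
            continue  # no SSLv2 endpoint holds this key
        for service, _ in services:
            exposed[service] = sslv2_services
    return exposed


if __name__ == "__main__":
    for service, via in sorted(drown_exposure(INVENTORY).items()):
        print(f"{service}: key shared with SSLv2 endpoint(s) {', '.join(via)}")
```

Services flagged this way stay exposed until SSL v2 is disabled on every endpoint that holds the key.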