Internet Bug Bounty: SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
This is a DROWN-related issue that essentially circumvented the instructions on how to disable SSLv2 at the time. Its primary effect was that a lot of servers were vulnerable to DROWN even though they thought they had SSLv2 disabled. It was reported to OpenSSL and fixed in versions 1.0.2f and...