Qualys researcher Ivan Ristic published data indicating that about half of servers running OpenSSL are vulnerable to CVE-2014-0224. Ristic estimates that about 36 percent of servers are running older versions of OpenSSL that are not exploitable. The flaw surfaced publicly on June 5, though experts said it's likely been in the OpenSSL codebase since Day 1 in 1998. An attacker would have to be in a man-in-the-middle position to exploit the bug.
Source: https://threatpost.com/scans-quantify-vulnerable-openssl-servers/106665/

