Vulnerability is a man-in-the-middle (MitM) attack in which an attacker can use an SSL feature called negotiation to inject bad stuff into an SSL session. In order to use an MitM attack to actually effect damage isn t entirelyrivial. The attacker either needs to be on the same local network as the client, or in the network path between the client and the server. By far, the most likely of these scenarios, at least in the near term, is to attack systems on a local network.
Source: https://threatpost.com/security-writer-questions-impact-ssl-flaw-111209/73091/