Originally I posted this issue under Bug 53259, but I find more and more vulnerable sites, so I think it is more appropriate to move to a new bug report.
According to SSL Labs these servers are "vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) and exploitable":
- graphite.wikimedia.org
- gdash.wikimedia.org
- dumps.wikimedia.org
- noc.wikimedia.org
These are vulnerable but probably not exploitable:
- ganglia.wikimedia.org
- lists.wikimedia.org
[1] https://www.ssllabs.com/ssltest/analyze.html?d=noc.wikimedia.org
Version: unspecified
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=53259
https://rt.wikimedia.org/Ticket/Display.html?id=7806