DROWN (CVE-2016-0800)
DROWN is a cross-protocol TLS attack that uses a server's SSLv2 support to decrypt TLS traffic to the same key.
Definition
DROWN (Decrypting RSA with Obsolete and Weakened eNcryption, CVE-2016-0800) is a cross-protocol attack against TLS. If a server supports SSLv2 anywhere with the same RSA key it uses for TLS, an attacker can decrypt TLS traffic by replaying TLS handshakes against the SSLv2 endpoint and exploiting SSLv2's known weaknesses. The attack works even if the TLS client and server have no idea SSLv2 exists.
Mitigation
Disable SSLv2 on every endpoint that shares a key with a TLS server.