The latest SSL Pulse shows zero servers vulnerable to CVE-2014-0224, down from about 15% last month. (See .gif)
Did the vulnerability disappear somehow, or did something break?
Yes, the June scan was botched as far as CVE-2014-0224 is concerned. Another scan is now in progress and we'll update the data once it's complete.
Online banking server from the recent results:
SSL Server Test: ic.nsd.ru (Powered by Qualys SSL Labs)
Assessed on: Tue, 09 Jun 2015 08:05:53 UTC
This server is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) and exploitable. Grade set to F.
Right, so it's safe to say the scanner is not broken, the vulnerability didn't disappear and there hasn't been a global 'patch your server' session.
So why did it disappear from the SSL Pulse?
Something buggy in SSL Pulse rating, but looks so beautiful!
Retrieving data ...