It's hard for me to get too worked up about this vulnerability:
Many popular applications, HTTP(S) and WebSocket transport libraries, and SOAP and REST Web-services middleware use SSL/TLS libraries incorrectly, breaking or disabling certificate validation. Their SSL and TLS connections are not authenticated, thus they -- and any software using them -- are completely insecure against a man-in-the-middle attacker.
Great research, and -- yes -- the vulnerability should be fixed, but it doesn't feel like a crisis issue.
Another article.