Nadhem Alfardan and Kenny Paterson devised an attack that uses timing information to recover some bits of the plaintext of a GnuTLS session that uses CBC ciphersuites.
For the attack to work, the client must behave as follows: it connects to a server and sends some (encrypted) data, which is intercepted by the attacker, who then terminates the client's connection abnormally (i.e. the client receives a premature termination error). The client must repeat this multiple times.
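The following is an added model (not GnuTLS code) of where the timing information comes from and how a TLS stack removes it: a variable-time CBC record check whose MAC work depends on the padding length, beside a hardened check that always spends the work of the longest possible payload. The record layout, the constructed key and the use of SHA-256 compression-call counts as a deterministic stand-in for elapsed time are assumptions of the model.

```python
import hashlib
import hmac

BLOCK = 64              # SHA-256 compression-function block size (bytes)
MAC_LEN = 32            # HMAC-SHA256 tag length
MAC_KEY = b"\x42" * 32  # constructed key; a real stack derives it from the handshake

def hmac_compressions(msg_len: int) -> int:
    """Compression calls HMAC-SHA256 spends on msg_len bytes: the inner hash over
    the ipad block plus message (9 bytes of length padding), plus 2 for the outer hash."""
    return -(-(BLOCK + msg_len + 9) // BLOCK) + 2

def split_record(plaintext: bytes):
    """TLS 1.1/1.2 CBC layout after decryption: payload || MAC || pad || pad_len.
    Returns (payload, tag, padding_ok); invalid padding is treated as pad_len 0."""
    pad_len = plaintext[-1]
    if pad_len + 1 + MAC_LEN <= len(plaintext) and \
            plaintext[-(pad_len + 1):] == bytes([pad_len]) * (pad_len + 1):
        body, pad_ok = plaintext[:-(pad_len + 1)], True
    else:
        body, pad_ok = plaintext[:-1], False
    return body[:-MAC_LEN], body[-MAC_LEN:], pad_ok

def check_leaky(plaintext: bytes):
    """Variable-time verification: the MAC is computed only over the payload left
    after stripping padding, so hashing work (and time) depends on the padding."""
    payload, tag, pad_ok = split_record(plaintext)
    mac_ok = hmac.compare_digest(hmac.new(MAC_KEY, payload, hashlib.sha256).digest(), tag)
    return pad_ok and mac_ok, hmac_compressions(len(payload))

def check_constant(plaintext: bytes):
    """Hardened verification: always spend the work of the largest possible payload
    (pad_len 0) by running dummy compressions, so the count no longer depends on padding."""
    payload, tag, pad_ok = split_record(plaintext)
    mac_ok = hmac.compare_digest(hmac.new(MAC_KEY, payload, hashlib.sha256).digest(), tag)
    work = hmac_compressions(len(payload))
    budget = hmac_compressions(len(plaintext) - 1 - MAC_LEN)
    for _ in range(budget - work):              # dummy work to equalise the timing
        hashlib.sha256(b"\0" * BLOCK).digest()
    return pad_ok and mac_ok, budget

def make_record(payload: bytes, pad_len: int) -> bytes:
    """Build a well-formed decrypted record (constructed test input)."""
    tag = hmac.new(MAC_KEY, payload, hashlib.sha256).digest()
    return payload + tag + bytes([pad_len]) * (pad_len + 1)
```

Two records of identical ciphertext length but different padding cost the leaky check 5 and 4 compressions respectively, while the hardened check costs 5 for both, which is the property the fix has to guarantee.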
Who is affected by this attack?
How to mitigate the attack?