If you're running a web server configured to use SSLv2, and particularly one that's running OpenSSL (even with all SSLv2 ciphers disabled!), you may be vulnerable to a fast attack that decrypts many recorded TLS connections made to that box. Most worryingly, the attack does not require the client to ever make an SSLv2 connection itself, and it isn't a downgrade attack. Instead, it relies on the fact that SSLv2 -- and particularly the legacy "export" ciphersuites it incorporates -- are pure poison, and simply having these active on a server is enough to invalidate the security of all connections made to that device.
So this essentially means that if you have any services with SSLv2 enabled (e.g. mail server) that share the same private key as other non-SSLv2 enabled services (e.g. web), that can be used to decrypt your TLS traffic. Time to check all services have SSLv2 disabled (this means not just disabling the ciphers, but fully disabling SSLv2 and SSLv3).