Yes, in theory. And it is a very thin theory indeed. I have yet to see that attack succeed in real-life situations. It basically can only work against https connections and requires that the server side has fairly outdated configuration. For ssh, good luck trying!