CVE-2014-2314

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-2314. PoCs published by Metasploit, Philippe Arteau, juan vazquez, including Metasploit module exploits/windows/http/jira_collector_traversal.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability in JIRA 6.0.3 to achieve remote code execution on Windows systems. It uploads a malicious JSP file via a traversal path and executes it to drop and run a payload.

Description

Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/32725

View Code ZIP pw:eip

This Metasploit module exploits a directory traversal vulnerability in JIRA 6.0.3 to achieve remote code execution on Windows systems. It uploads a malicious JSP file via a traversal path and executes it to drop and run a payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Atlassian JIRA 6.0.3

No auth needed

Prerequisites: Network access to JIRA instance · JIRA 6.0.3 or earlier running on Windows

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Philippe Arteau, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/jira_collector_traversal.rb

View Code ZIP pw:eip

This Metasploit module exploits a directory traversal vulnerability in JIRA 6.0.3 to achieve remote code execution on Windows systems. It uploads a malicious JSP file via a traversal flaw in the issues collector attachment handling, then executes it to drop and run a payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Atlassian JIRA 6.0.3

No auth needed

Prerequisites: Network access to JIRA instance · JIRA 6.0.3 or earlier · Windows target environment

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/32725

Exploit x_refsource_misc

http://blog.h3xstream.com/2014/02/jira-path-traversal-explained.html

Atlassian JIRA <6.0.4 - Path Traversal

Exploitation Summary

Description

Exploits (2)

References (3)

Scores

Details