Description
The search string of Illegal character 0x0 in state is really the wrong way to look for this vulnerability.
It should verify that the response has error code 400, then look for either "<<<" or ">>>" in the response status line. If either of those 2 strings exists, then you have a vulnerable system.
The important part is the buffer that is revealed, check for that.
That can easily be checked for using one of those 2 strings, "<<<" or ">>>".
Jetty 9.2.9 (with fix) currently returns 400 Illegal character 0x[0-9A-F]*, but if we add back the state reference to include WHERE in the header the fault resided, then it would be 400 Illegal character 0x[0-9A-F]* in state [A-Z_]*, which means your scan and script would now trigger on a valid version of Jetty as having a fault, even though no such thing actually occurred.
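As an added example (not code from the scanner project or from the issue author), the two checks contrasted above applied to constructed status lines; the layout of the leaked-buffer line is a stand-in, not a captured Jetty response.

```python
import re

# Constructed sample status lines; none were captured from a real server.
# "leak" imitates a response that reveals buffer contents between the
# "<<<" and ">>>" markers; "fixed" is the patched 9.2.9 form; "fixed_with_state"
# is the hypothetical patched form that also names the parser state.
SAMPLES = {
    "leak": ("HTTP/1.1 400 Illegal character 0x0 in state [HEADER_VALUE] "
             "for buffer [p=12,l=40]={GET / HTTP/1.1\\r\\nCookie: <<<\\x00>>>}"),
    "fixed": "HTTP/1.1 400 Illegal character 0x0",
    "fixed_with_state": "HTTP/1.1 400 Illegal character 0x0 in state HEADER_VALUE",
    "ok": "HTTP/1.1 200 OK",
}

STATUS_RE = re.compile(r"^HTTP/\d\.\d (\d{3})(?: (.*))?$")


def parse_status_line(line):
    """Return (status_code, reason_phrase), or None if not a status line."""
    m = STATUS_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    return int(m.group(1)), m.group(2) or ""


def old_check(line):
    """Substring heuristic the issue objects to: matches the error text alone."""
    return "Illegal character 0x0 in state" in line


def new_check(line):
    """Check proposed in the issue: status 400 plus a revealed-buffer marker."""
    parsed = parse_status_line(line)
    if parsed is None:
        return False
    code, reason = parsed
    return code == 400 and ("<<<" in reason or ">>>" in reason)


def classify_all(samples):
    """Map each sample name to (old_check result, new_check result)."""
    return {name: (old_check(line), new_check(line)) for name, line in samples.items()}


if __name__ == "__main__":
    for name, (old, new) in classify_all(SAMPLES).items():
        print(f"{name:17s} old={old!s:5s} new={new}")
```

Only the leaked-buffer line is flagged by the marker check, while the substring heuristic also fires on the hypothetical patched line that names the parser state.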