Citrix Netscaler NS10.5 suffers from a WAF bypass vulnerability via HTTP header pollution.