Ping Identity PingAccess prior to 5.3.3 allows HTTP request smuggling via header manipulation.
pingidentity pingaccess