From 0937a2aa42a0921bea9c218159f7b7a9b1d28233 Mon Sep 17 00:00:00 2001
From: thc202
Date: Fri, 18 Jul 2025 15:15:50 +0100
Subject: [PATCH] Correct poll header validation/usage
Split the headers into two parts (at most) as that's the number required.
Signed-off-by: thc202
---
 .../org/zaproxy/zap/authentication/AuthenticationMethod.java | 2 +-
 .../extension/authentication/ContextAuthenticationPanel.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/zap/src/main/java/org/zaproxy/zap/authentication/AuthenticationMethod.java b/zap/src/main/java/org/zaproxy/zap/authentication/AuthenticationMethod.java
index e5488c7275b..2623ef0c4df 100644
--- a/zap/src/main/java/org/zaproxy/zap/authentication/AuthenticationMethod.java
+++ b/zap/src/main/java/org/zaproxy/zap/authentication/AuthenticationMethod.java
@@ -417,7 +417,7 @@ public HttpMessage pollAsUser(User user) throws IOException {
 }
 if (this.getPollHeaders() != null && this.getPollHeaders().length() > 0) {
 for (String header : this.getPollHeaders().split("\n")) {
- String[] headerValue = header.split(":");
+ String[] headerValue = header.split(":", 2);
 if (headerValue.length == 2) {
 pollMsg.getRequestHeader()
 .addHeader(headerValue[0].trim(), headerValue[1].trim());
diff --git a/zap/src/main/java/org/zaproxy/zap/extension/authentication/ContextAuthenticationPanel.java b/zap/src/main/java/org/zaproxy/zap/extension/authentication/ContextAuthenticationPanel.java
index 48a5d618a36..417ec404678 100644
--- a/zap/src/main/java/org/zaproxy/zap/extension/authentication/ContextAuthenticationPanel.java
+++ b/zap/src/main/java/org/zaproxy/zap/extension/authentication/ContextAuthenticationPanel.java
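Review bot: In `pollAsUser`, a configured line that does not split into two parts is skipped by the `if (headerValue.length == 2)` guard with no trace, so the poll request goes out without that header. If poll headers can be stored without passing the panel validation (not visible from this hunk), the logged-in/out result of the poll could be wrong with nothing in the log to explain it. Consider an `else` branch that logs a warning through whatever logger the class already uses, identifying the entry by its position rather than its text, because these lines can carry credentials such as an `Authorization` value. The body of `pollAsUser` starts and ends outside the hunk.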
@@ -724,7 +724,7 @@ public void validateContextData(Session session) throws Exception {
 }
 for (String header : this.getPollHeadersField().getText().split("\n")) {
 if (header.trim().length() > 0) {
- String[] headerValue = header.split(":");
+ String[] headerValue = header.split(":", 2);
 if (headerValue.length != 2) {
 throw new IllegalStateException(
 Constant.messages.getString(
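Review bot: The `headerValue.length != 2` check still accepts a line with an empty header name, since `: value` splits into an empty first part plus the value and so passes validation. Extending the condition to `if (headerValue.length != 2 || headerValue[0].trim().isEmpty()) {` would reject it here, before the context is saved. The same input passes the `length == 2` guard in the `pollAsUser` hunk of AuthenticationMethod.java, where `addHeader` would then be called with an empty name. With the new limit a line such as `Name:` now validates with an empty value, which looks intended but deserves a test next to one for a value that itself contains a colon. `validateContextData` continues outside the hunk.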