The remote web server uses a version of PHP that is affected by a SOAP WSDL injection vulnerability.
Versions of PHP 5.4.x earlier than 5.4.40, 5.5.x earlier than 5.5.24, or 5.6.x earlier than 5.6.8 contain a flaw in the cache directory that is due to the program creating files for the cache in a predictable manner. This may allow a remote attacker to inject WSDL files and have them be used in place of the intended file. Specifically, the default 'soap.wsdl_cache_dir' setting in 'php.ini-production' and 'php.ini-development' specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the 'get_sdl' function in 'ext/soap/php_sdl.c'.
Use a directory other than /tmp for the WSDL cache directory.