The remote host is using a version of Zend Framework that is vulnerable to a chosen-ciphertext attack vector.
Versions of Zend Framework earlier than 2.4.9 are exposed to a flaw in 'zend-crypt' that is triggered when 'Zend\Crypt\PublicKey\Rsa\PublicKey' contains a call to 'openssl_public_encrypt()' that ultimately uses PKCS1v1.5 padding. This padding has a known vulnerability, known as Bleichenbacher's chosen-ciphertext attack, which can be used to recover an RSA private key. This may potentially allow a remote attacker to decrypt ciphertext.
Upgrade Zend Framework to version 2.4.9 or later.