The remote host is using a version of Zend Framework that is vulnerable to HTTP response splitting attacks.
Versions of Zend Framework earlier than 2.3.8, or 2.4.x earlier than 2.4.1 are vulnerable to a flaw in the 'Zend\Mail' and 'Zend\Http' components that is triggered as CRLF (Carriage Return and Line Feed) character sequences are not properly sanitized before being included in responses. This allows a context-dependent attacker to inject additional headers into responses to conduct HTTP response splitting attacks.
Upgrade Zend Framework to version 2.4.1 or later. If version 2.4.x is not available, version 2.3.8 is also patched for these vulnerabilities.