The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
https://exchange.xforce.ibmcloud.com/vulnerabilities/18765
http://www.securityfocus.com/bid/12181