Security Response have recently blogged about a new threat called Java.Tomdep . This is a worm that targets Tomcat servers.
All Your Tomcat Are Belong to Bad Guys?
https://www-secure.symantec.com/connect/blogs/all-your-tomcat-are-belong-bad-guys
Tomcat is a component in many fine products, including the Symantec Endpoint Protection Manager (SEPM) and the LiveUpdate Administrator 2.x (LUA 2.x) server. If these have been configured them with weak passwords, they too might fall victim. Be sure that secure passwords are in place on these servers!
Remember that the SEPM and LUA 2.x provide no protection for the computer upon which they are installed. A SEP client is absolutely necessary on that machine, too- that SEP client can detect and remove Java.Tomdep, stopping the threat even if there is a weak password for the Tomcat component. It can stop thousands of other threats as well. Be sure that one is in place and up-to-date on your SEPM or LUA to keep those crucial components of your security infrastructure secure!