There's an Apache Tomcat I'm managing that's in the wild (internet).
Saturday evening it was under attack.
I use Tomcat's manager console to drop applications from time to time, and I had its password pretty simple. Within this console a new Java web application may be installed.
What's even worse is that the Tomcat instance was running with pretty high privileges.
It was a test machine, only a few guys knew the address.
So, using this console, a trojan was inserted. The admin password was changed. This trojan might have succeeded if it weren't for the antivirus, which caught it in time (yes, it was a Windows machine).
The trojan is called TROJ_DELF.BDG and it was deployed in webapps/fexshell/init.exe.
Now Tomcat is running with pretty low privileges, the port is less obvious, and the manager password has been changed.
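The three weaknesses this post turns on (a guessable manager password, a manager console reachable from any address, and a native executable dropped under webapps/) are all visible in the Tomcat install itself. The script below is an added example, not the author's code or anything shipped with Tomcat: it audits a standard CATALINA_BASE layout (conf/tomcat-users.xml, conf/Catalina/localhost/manager.xml, webapps/), with the weak-password wordlist and the sample config files constructed for the demo, including an empty init.exe stand-in at the path the post names.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

MANAGER_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                 "manager-status", "admin-gui", "admin-script"}
# Constructed wordlist for the demo; use a real breach-derived list in practice.
WEAK_PASSWORDS = {"tomcat", "admin", "password", "s3cret", "manager", "changeme", "123456"}
NATIVE_EXT = {".exe", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".scr"}
REMOTE_ADDR_VALVE = "org.apache.catalina.valves.RemoteAddrValve"


def _local(tag):
    """Strip the XML namespace Tomcat puts on its config elements."""
    return tag.rsplit("}", 1)[-1]


def audit_users(path):
    """Return findings for manager/admin accounts in tomcat-users.xml."""
    findings = []
    for el in ET.parse(path).getroot().iter():
        if _local(el.tag) != "user":
            continue
        name = el.get("username") or el.get("name") or "?"
        roles = {r.strip() for r in (el.get("roles") or "").split(",") if r.strip()}
        pw = el.get("password") or ""
        if not roles & MANAGER_ROLES:
            continue  # ordinary application users are out of scope here
        if pw.lower() in WEAK_PASSWORDS or len(pw) < 12:
            findings.append(f"weak password on manager account '{name}'")
        if {"manager-gui", "manager-script"} <= roles:
            # The manager docs recommend never giving one user both roles (CSRF exposure).
            findings.append(f"'{name}' has both manager-gui and manager-script; keep these on separate users")
    return findings


def audit_manager_context(path):
    """Check that the manager webapp's context restricts client IPs via RemoteAddrValve."""
    if not os.path.exists(path):
        return [f"{os.path.basename(path)} missing: no per-host override restricting the manager app"]
    for el in ET.parse(path).getroot().iter():
        if _local(el.tag) == "Valve" and el.get("className") == REMOTE_ADDR_VALVE and el.get("allow"):
            return []
    return ["manager context has no RemoteAddrValve: the console is reachable from any source IP"]


def scan_webapps(webapps_dir):
    """Flag native executables under webapps/, which a Java webapp never needs."""
    findings = []
    for dirpath, _, files in os.walk(webapps_dir):
        for f in files:
            if os.path.splitext(f)[1].lower() in NATIVE_EXT:
                rel = os.path.relpath(os.path.join(dirpath, f), webapps_dir).replace(os.sep, "/")
                findings.append("native executable in webapps: " + rel)
    return findings


# Constructed sample install mirroring the post: weak manager password,
# no IP restriction on /manager, and a dropped .exe under webapps/.
SAMPLE_USERS_XML = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <user username="admin" password="admin" roles="manager-gui,manager-script"/>
  <user username="app" password="Wq8!f3zL0pXr" roles="appuser"/>
</tomcat-users>
"""
SAMPLE_MANAGER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Context antiResourceLocking="false" privileged="true">
  <!-- no RemoteAddrValve: anyone on the internet can reach /manager -->
</Context>
"""


def run_demo():
    """Build the sample install in a temp dir and return all findings."""
    with tempfile.TemporaryDirectory() as root:
        conf = os.path.join(root, "conf")
        os.makedirs(os.path.join(conf, "Catalina", "localhost"))
        trojan_dir = os.path.join(root, "webapps", "fexshell")
        os.makedirs(trojan_dir)
        with open(os.path.join(conf, "tomcat-users.xml"), "w") as fh:
            fh.write(SAMPLE_USERS_XML)
        with open(os.path.join(conf, "Catalina", "localhost", "manager.xml"), "w") as fh:
            fh.write(SAMPLE_MANAGER_XML)
        open(os.path.join(trojan_dir, "init.exe"), "wb").close()  # empty stand-in, not malware
        return (audit_users(os.path.join(conf, "tomcat-users.xml"))
                + audit_manager_context(os.path.join(conf, "Catalina", "localhost", "manager.xml"))
                + scan_webapps(os.path.join(root, "webapps")))


if __name__ == "__main__":
    for line in run_demo():
        print("[!]", line)
```

Point the three audit functions at a real CATALINA_BASE to use it outside the demo. The RemoteAddrValve check only proves an allow list exists, not that it is tight; review the regex in `allow` by hand, and remember that a dropped .exe is only one indicator, since a WAR uploaded through the manager runs as Java with the full privileges of the Tomcat service account.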