>>10
The usual vector for these exploits to get onto servers is badly written PHP (in case you run any web servers.) The payload is, in this case Java, but could be anything depending on the exact goals. Java has a far better track record than most other things (esp. PHP and/or use of MySQL databases, or anything else written by a moron.)