SCSP relies on third-party technologies, such as Tomcat. Any new release of SCSP may integrate a newer version of these third-party components.
Like any Symantec product, SCSP follows strict QA processes to ensure the product is working as expected. Indeed, SCSP is tested with the version of Tomcat it contains, and Symantec would not design a new SCSP build for every single third-party component update.
Symantec would not support a Tomcat upgrade or provide any article explaining how to do so (reminder: SCSP uses an embedded Tomcat version, so installing standalone Tomcat 5.5.34/5.5.35 would not help).
You can open a case as previously mentioned to receive official feedback from Symantec support on that topic and see with them whether the next release of SCSP would integrate Tomcat 5.5.34/5.5.35.
REMARK: I recommend that you always use the latest version of Nessus and its plugins. I have already seen a case where an older version of Nessus was detecting Tomcat 3.x vulnerabilities on SCSP 5.2.8 MP2.