Talos has added and modified multiple rules in the exploit-kit, file-image, file-office, file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39129 <-> DISABLED <-> EXPLOIT-KIT Nuclear gate redirect attempt (exploit-kit.rules)
* 1:39132 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Acroform engine memory corruption attempt (file-pdf.rules)
* 1:39136 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39112 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39143 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39144 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39138 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39142 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39141 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39137 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39139 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39135 <-> DISABLED <-> SERVER-WEBAPP Ubiquiti Networks XM Firmware scr.cgi directory traversal attempt (server-webapp.rules)
* 1:39134 <-> DISABLED <-> SERVER-WEBAPP Ubiquiti Networks XM Firmware scr.cgi command injection attempt (server-webapp.rules)
* 1:39131 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Acroform engine memory corruption attempt (file-pdf.rules)
* 1:39133 <-> DISABLED <-> SERVER-WEBAPP Ubiquiti Networks XM Firmware scr.cgi command injection attempt (server-webapp.rules)
* 1:39128 <-> DISABLED <-> EXPLOIT-KIT Nuclear landing page detected (exploit-kit.rules)
* 1:39116 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
* 1:39114 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39115 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39130 <-> DISABLED <-> EXPLOIT-KIT Obfuscated exploit download attempt (exploit-kit.rules)
* 1:39117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection attempt (malware-cnc.rules)
* 1:39140 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39147 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39113 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39145 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39146 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 3:39110 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0150 attack attempt (file-office.rules)
* 3:39111 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0150 attack attempt (file-office.rules)
* 3:39118 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39119 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39120 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39121 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39122 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39123 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39124 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39125 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39126 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39127 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2982.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39135 <-> DISABLED <-> SERVER-WEBAPP Ubiquiti Networks XM Firmware scr.cgi directory traversal attempt (server-webapp.rules)
* 1:39134 <-> DISABLED <-> SERVER-WEBAPP Ubiquiti Networks XM Firmware scr.cgi command injection attempt (server-webapp.rules)
* 1:39128 <-> DISABLED <-> EXPLOIT-KIT Nuclear landing page detected (exploit-kit.rules)
* 1:39129 <-> DISABLED <-> EXPLOIT-KIT Nuclear gate redirect attempt (exploit-kit.rules)
* 1:39130 <-> DISABLED <-> EXPLOIT-KIT Obfuscated exploit download attempt (exploit-kit.rules)
* 1:39131 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Acroform engine memory corruption attempt (file-pdf.rules)
* 1:39112 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39113 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39114 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39115 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39116 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
* 1:39117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection attempt (malware-cnc.rules)
* 1:39136 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39137 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39138 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39139 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39141 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39140 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39142 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39143 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39144 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39133 <-> DISABLED <-> SERVER-WEBAPP Ubiquiti Networks XM Firmware scr.cgi command injection attempt (server-webapp.rules)
* 1:39147 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39132 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Acroform engine memory corruption attempt (file-pdf.rules)
* 1:39145 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39146 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 3:39110 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0150 attack attempt (file-office.rules)
* 3:39111 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0150 attack attempt (file-office.rules)
* 3:39118 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39119 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39120 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39121 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39122 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39123 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39124 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39125 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39126 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39127 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39147 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39146 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39145 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39144 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39143 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39142 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39141 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39140 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39139 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39138 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39137 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39136 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39135 <-> DISABLED <-> SERVER-WEBAPP Ubiquiti Networks XM Firmware scr.cgi directory traversal attempt (server-webapp.rules)
* 1:39134 <-> DISABLED <-> SERVER-WEBAPP Ubiquiti Networks XM Firmware scr.cgi command injection attempt (server-webapp.rules)
* 1:39133 <-> DISABLED <-> SERVER-WEBAPP Ubiquiti Networks XM Firmware scr.cgi command injection attempt (server-webapp.rules)
* 1:39132 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Acroform engine memory corruption attempt (file-pdf.rules)
* 1:39131 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Acroform engine memory corruption attempt (file-pdf.rules)
* 1:39130 <-> DISABLED <-> EXPLOIT-KIT Obfuscated exploit download attempt (exploit-kit.rules)
* 1:39129 <-> DISABLED <-> EXPLOIT-KIT Nuclear gate redirect attempt (exploit-kit.rules)
* 1:39128 <-> DISABLED <-> EXPLOIT-KIT Nuclear landing page detected (exploit-kit.rules)
* 1:39117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection attempt (malware-cnc.rules)
* 1:39116 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
* 1:39115 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39114 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39113 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39112 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 3:39110 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0150 attack attempt (file-office.rules)
* 3:39111 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0150 attack attempt (file-office.rules)
* 3:39118 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39119 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39120 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39121 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39122 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39123 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39124 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39125 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39126 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39127 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39128 <-> DISABLED <-> EXPLOIT-KIT Nuclear landing page detected (exploit-kit.rules)
* 1:39129 <-> DISABLED <-> EXPLOIT-KIT Nuclear gate redirect attempt (exploit-kit.rules)
* 1:39142 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39144 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39140 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39136 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39135 <-> DISABLED <-> SERVER-WEBAPP Ubiquiti Networks XM Firmware scr.cgi directory traversal attempt (server-webapp.rules)
* 1:39134 <-> DISABLED <-> SERVER-WEBAPP Ubiquiti Networks XM Firmware scr.cgi command injection attempt (server-webapp.rules)
* 1:39131 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Acroform engine memory corruption attempt (file-pdf.rules)
* 1:39133 <-> DISABLED <-> SERVER-WEBAPP Ubiquiti Networks XM Firmware scr.cgi command injection attempt (server-webapp.rules)
* 1:39132 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Acroform engine memory corruption attempt (file-pdf.rules)
* 1:39112 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39113 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39114 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39115 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39116 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
* 1:39117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection attempt (malware-cnc.rules)
* 1:39138 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39137 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39139 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39141 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39143 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39130 <-> DISABLED <-> EXPLOIT-KIT Obfuscated exploit download attempt (exploit-kit.rules)
* 1:39146 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39145 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39147 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 3:39110 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0150 attack attempt (file-office.rules)
* 3:39111 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0150 attack attempt (file-office.rules)
* 3:39118 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39119 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39120 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39121 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39122 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39123 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39124 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39125 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39126 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39127 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)